server { use_tls = true tls_key = "server.key" tls_cert = "server.crt" address = "127.0.0.1" port = 443 user = "nobody" cookie_secret = "supersecret" csrf_secret = "supersecret" http_logfile = "cashierd.log" database { type = "mysql" username = "user" password = "passwd" address = "localhost:3306" } } auth { provider = "google" oauth_client_id = "client_id" oauth_client_secret = "secret" oauth_callback_url = "https://sshca.example.com/auth/callback" provider_opts { domain = "example.com" } users_whitelist = ["a_user"] } ssh { signing_key = "signing_key" additional_principals = ["ec2-user", "ubuntu"] max_age = "720h" permissions = ["permit-pty", "permit-X11-forwarding", "permit-port-forwarding", "permit-user-rc"] } aws { region = "us-east-1" access_key = "abcdef" secret_key = "omg123" } vault { address = "https://vault:8200" token = "abc-def-456-789" }