vault_pki

SSH wrapper for the vault_pki execution module.

See the vault_pki execution module for documentation.

Setup notes

In addition to the regular Vault setup, using sign_certificate and revoke_certificate requires the x509_v2 module to be active on the target.

This means:

  1. The global Python installation on the target needs to have the cryptography library installed.

  2. On Salt releases below 3008, you need to include the following in your master configuration:

    # e.g. /etc/salt/master.d/salt_ssh.conf
    
    ssh_minion_opts:
      features:
        x509_v2: true