Rotating ssh signing CA

Kevin Willis

Mar 19, 2019, 9:20:25 PM
to Vault
Hello team,

I am having an issue on Vault version 0.10.4: I am trying to rotate the signing CA on the SSH backend.
I have found the doc on the HashiCorp website:

When I tried on my local dev server, I received the below error:


vault write ssh/config/ca private_key=@ca public_key=@ca.pub
Code: 500. Errors:

* 1 error occurred:

* keys are already configured; delete them before reconfiguring


Is this a bug, or is that doc incorrect in saying "This endpoint allows submitting the CA information for the secrets engine via an SSH key pair. If you have already set a certificate and key, they will be overridden."?

Thank you! 



Cheers,

Kevin

Becca Petrin

Mar 21, 2019, 10:02:19 AM
to Vault
Hi Kevin,

Thanks for pointing that out!

I suspect that document was written before the code was updated in 2017 and the doc just needs to be updated. It should still be possible to change the keys by calling delete, then performing the post again.

-Becca
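
The delete-then-write sequence from the reply above, as an added example that is not part of the original thread or HashiCorp's own code. It assumes the engine is mounted at ssh and the new pair is in ca and ca.pub, as in the question; rotate_ssh_ca, key_body and the backup file name are hypothetical, and saving the outgoing public key plus the final check go beyond what the thread describes.

```shell
#!/bin/sh
# Added example: rotate the signing CA of a Vault SSH secrets engine.
# Assumes a logged-in vault CLI; all helper names here are hypothetical.

# Reduce an OpenSSH public key line to "type base64", dropping the comment.
key_body() { awk '{print $1, $2; exit}' "$@"; }

# rotate_ssh_ca MOUNT NEW_PRIVATE_KEY NEW_PUBLIC_KEY OLD_PUBLIC_KEY_BACKUP
rotate_ssh_ca() {
    mount="$1"; new_priv="$2"; new_pub="$3"; backup="$4"

    # Check the new pair before deleting anything: once the delete succeeds
    # the engine has no CA and cannot sign until the write succeeds.
    [ -r "$new_priv" ] && [ -r "$new_pub" ] || {
        echo "new key pair is not readable" >&2; return 1; }

    # Save the outgoing public key. Hosts still need it in their trusted
    # CA list until certificates signed by the old CA have expired.
    vault read -field=public_key "$mount/config/ca" > "$backup" || return 1

    # The write fails with "keys are already configured" unless the
    # existing pair is deleted first.
    vault delete "$mount/config/ca" || return 1

    # Same command as in the question; "@file" reads the value from a file.
    vault write "$mount/config/ca" \
        private_key=@"$new_priv" public_key=@"$new_pub" || return 1

    # Confirm the engine now reports the new public key.
    current=$(vault read -field=public_key "$mount/config/ca") || return 1
    [ "$(printf '%s\n' "$current" | key_body)" = "$(key_body "$new_pub")" ] || {
        echo "configured CA does not match $new_pub" >&2; return 1; }
}

# Usage: rotate_ssh_ca ssh ca ca.pub old-ca.pub
```

Certificates signed by the old CA stop validating on any host that trusts only the new public key, so distribute the new key to hosts before removing the saved one.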

