====== Vault roles ======

===== SSH CA Signature =====

==== Write ====

<code>
$ vault write ssh-Team/roles/my-role -<<"EOH"
{
  "allow_user_certificates": true,
  "allowed_users": "*",
  "default_extensions": [
    {
      "permit-pty": ""
    }
  ],
  "key_type": "ca",
  "default_user": "ubuntu",
  "ttl": "30m0s"
}
EOH
Success! Data written to: ssh-Team/roles/my-role
</code>

==== Read ====

<code>
$ vault read ssh-Team/roles/my-role
Key                         Value
---                         -----
allow_bare_domains          false
allow_host_certificates     false
allow_subdomains            false
allow_user_certificates     true
allow_user_key_ids          false
allowed_critical_options    n/a
allowed_domains             n/a
allowed_extensions          n/a
allowed_user_key_lengths    map[]
allowed_users               *
default_critical_options    map[]
default_extensions          map[permit-pty:]
default_user                ubuntu
key_bits                    0
key_id_format               n/a
key_type                    ca
max_ttl                     0s
ttl                         30m
</code>