authorNoah Kantrowitz <noah@coderanger.net>2018-05-30 15:59:57 -0700
committerNoah Kantrowitz <noah@coderanger.net>2018-05-30 15:59:57 -0700
commit3f7ffb322fb8f414ebf28eaa4b6fe4c94d7857a9 (patch)
tree848b088488ae5f92f0d785e8c4ba0165d302c2b5 /chef-config
parenta074d491722bf665da843e76672ffbadf92e3661 (diff)
Add support for signing requests using ssh-agent.
Signed-off-by: Noah Kantrowitz <noah@coderanger.net>
Diffstat (limited to 'chef-config')
-rw-r--r--chef-config/lib/chef-config/config.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index ef792b2db7..5e641138d3 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -592,7 +592,7 @@ module ChefConfig
# the 'mixlib-authorization' project for more detail). Currently, versions
# 1.0, 1.1, and 1.3 are available.
default :authentication_protocol_version do
- if fips
+ if fips || ssh_agent_signing
"1.3"
else
"1.1"
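Review bot: The new condition `if fips || ssh_agent_signing` only changes the computed default, so a config that explicitly sets `authentication_protocol_version` to "1.0" or "1.1" while `ssh_agent_signing` is true is not rejected anywhere in this hunk. If agent signing cannot work below 1.3, which the change implies but the diff does not show, that combination should fail with a clear error at config load or signing time rather than surface later as rejected requests. At minimum, extend the comment above the block with `# Defaults to 1.3 when fips or ssh_agent_signing is enabled.` so the coupling is documented. The `default :authentication_protocol_version do` block closes outside the hunk.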
@@ -621,6 +621,10 @@ module ChefConfig
# never be set to true or its possibly an easily exploitable security hole.
default :follow_client_key_symlink, false
+ # Enable ssh-agent signing mode. This requires {client_key} be set to a
+ # public key rather than the usual private key.
+ default :ssh_agent_signing, false
+
# This secret is used to decrypt encrypted data bag items.
default(:encrypted_data_bag_secret) do
if File.exist?(platform_specific_path("/etc/chef/encrypted_data_bag_secret"))
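Review bot: The doc comment on `ssh_agent_signing` says what `client_key` must contain but not how the setting shifts trust: the private key stays in the agent, and any process that can reach the agent socket can have requests signed as this client. I would add `# The matching private key must be loaded in ssh-agent; restrict access to the agent socket, since anything that can reach it can sign as this client.` and a line noting that enabling the flag changes the default `authentication_protocol_version` to "1.3". Nothing visible here checks that `client_key` actually holds a public key when the flag is on; whether that is validated in the signing code cannot be seen from this diff.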