Chef InSpec Plugin

Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.

Prerequisites

An SSH Cert Issuer

Chef InSpec Plugin Configuration

  1. Issue an SSH Certificate from Akeyless:

    akeyless get-ssh-certificate -s <target_username> -c ssh-cert-issuer-name -p <path_to_public_ssh_key> && echo
  2. Test the SSH connection:

    ssh <target_username>@<target_ssh_server>
  3. Set up ssh-agent and add the SSH private key, together with its certificate, to the agent:

    eval `ssh-agent`
    ssh-add <path_to_private_ssh_key>
  4. Test Chef InSpec:

    inspec shell -c 'package("git").installed?' -t ssh://<target_username>@<target_ssh_server>
    inspec shell -c 'package("git").version' -t ssh://<target_username>@<target_ssh_server>

Example

    # Have Akeyless sign the public SSH key to get an SSH certificate
    akeyless get-ssh-certificate -s ubuntu -c ssh-cert-issuer-demo -p ~/.ssh/id_rsa.pub --profile inspec && echo
    # Test the SSH connection
    ssh <target_username>@<target_ssh_server>
    # Set up ssh-agent and add the SSH key + certificate to it
    eval `ssh-agent`
    ssh-add ~/.ssh/id_rsa
    # Test Chef InSpec
    inspec shell -c 'package("git").installed?' -t ssh://<target_username>@<target_ssh_server>
    inspec shell -c 'package("git").version' -t ssh://<target_username>@<target_ssh_server>
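
Issued SSH certificates carry a validity window and a principal list, and a certificate that is expired or lacks the target username makes the InSpec run fail at authentication. The following is an added example, not part of the original page or of Akeyless or Chef tooling: a pre-flight check over `ssh-keygen -L` output. The function names, the sample listing, and the `~/.ssh/id_rsa-cert.pub` path are assumptions.

```shell
#!/bin/sh
# Added example: check an SSH certificate before pointing InSpec at a target.

# cert_usable PRINCIPAL [NOW]
# Reads `ssh-keygen -L -f <cert>` output on stdin. NOW is local time in the
# same YYYY-MM-DDTHH:MM:SS form ssh-keygen prints, so string comparison works.
# Exit codes: 0 usable, 2 validity not parsed, 3 principal missing, 4 outside window.
cert_usable() {
    principal=$1
    now=${2:-$(date +%Y-%m-%dT%H:%M:%S)}
    awk -v want="$principal" -v now="$now" '
        /^[ \t]*Valid: forever/ { from = "0"; to = "forever" }
        /^[ \t]*Valid: from /   { from = $3; to = $5 }
        /^[ \t]*Principals:/    { in_p = 1; next }
        in_p && /^[ \t]*[A-Za-z ]+:/ { in_p = 0 }   # next section header ends the list
        in_p { gsub(/[ \t]/, ""); if ($0 == want) found = 1 }
        END {
            if (from == "") exit 2
            if (!found) exit 3
            if (now < from || (to != "forever" && now > to)) exit 4
        }'
}

# Constructed sample of `ssh-keygen -L` output (not a real certificate).
sample_cert_listing() {
    cat <<'EOF'
/home/user/.ssh/id_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:CONSTRUCTED-EXAMPLE
        Signing CA: RSA SHA256:CONSTRUCTED-EXAMPLE (using rsa-sha2-256)
        Key ID: "constructed-example"
        Serial: 0
        Valid: from 2024-01-01T10:00:00 to 2024-01-01T11:00:00
        Principals:
                ubuntu
        Critical Options: (none)
        Extensions:
                permit-pty
EOF
}

# Real use (assumed cert path; ssh-add reads <private_key>-cert.pub):
#   ssh-keygen -L -f ~/.ssh/id_rsa-cert.pub | cert_usable ubuntu \
#     && inspec shell -c 'package("git").installed?' -t ssh://ubuntu@<target_ssh_server>
sample_cert_listing | cert_usable ubuntu 2024-01-01T10:30:00 && echo "certificate usable"
```

A non-zero exit means a fresh certificate should be requested with `akeyless get-ssh-certificate` and the key re-added with `ssh-add` before running InSpec.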
