Chef InSpec is an open-source framework for testing and auditing your applications and infrastructure. Chef InSpec works by comparing the actual state of your system with the desired state that you express in easy-to-read and easy-to-write Chef InSpec code. Chef InSpec detects violations and displays findings in the form of a report, but puts you in control of remediation.
Create an SSH certificate issuer, as described in How to: Create Dynamic Secret to SQL DB.
- Sign the public SSH key with AKEYLESS Vault to get an SSH certificate
Please refer to How to: Configure Keyless SSH prior to running this step.
```shell
akeyless get-ssh-certificate -s <target_username> -c ssh-cert-issuer-demo -p <path_to_public_ssh_key> && echo
```
- Test SSH connection
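- Set up ssh-agent and add the SSH key and certificate to it
```shell
eval `ssh-agent`
# ssh-add takes the private key; it also loads the matching certificate when one sits beside it
ssh-add <path_to_private_ssh_key>
```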
- Test Chef InSpec
```shell
inspec shell -c 'package("git").installed?' -t ssh://<target_username>@<target_ssh_server>
inspec shell -c 'package("git").version' -t ssh://<target_username>@<target_ssh_server>
```
```shell
# Sign the public SSH key with Akeyless to get an SSH certificate
akeyless get-ssh-certificate -s ubuntu -c ssh-cert-issuer-demo -p ~/.ssh/id_rsa.pub --profile inspec && echo

# Test the SSH connection
ssh [email protected]

# Set up ssh-agent and add the SSH key + certificate to it
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa

# Test Chef InSpec
inspec shell -c 'package("git").installed?' -t ssh://[email protected]
inspec shell -c 'package("git").version' -t ssh://[email protected]
```
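A pre-flight check that could run between signing and the InSpec commands, added here as an example and not taken from the Akeyless or Chef documentation: it reads `ssh-keygen -L` output and confirms that the certificate lists the target user as a principal and is inside its validity window. The function name `check_cert`, its exit codes and the sample certificate listing are constructed for illustration.

```shell
#!/bin/sh
# check_cert USER NOW: reads `ssh-keygen -L` output on stdin (hypothetical helper).
# Exit status: 0 usable, 1 USER is not a principal, 2 NOW outside the validity
# window, 3 no "Valid:" line found (input is not a certificate listing).
check_cert() {
    awk -v user="$1" -v now="$2" '
        /^[ \t]*Valid:/ {
            seen_valid = 1; from = ""; to = "9999"   # defaults cover "forever"
            if ($2 == "from")   { from = $3; to = $5 }
            if ($2 == "after")  { from = $3 }
            if ($2 == "before") { to = $3 }
        }
        /^[ \t]*Principals:/       { in_p = 1; next }
        /^[ \t]*Critical Options:/ { in_p = 0 }
        in_p && $1 == user         { match_p = 1 }
        END {
            if (!seen_valid) exit 3
            if (!match_p)    exit 1
            # ISO-8601 timestamps of equal length order correctly as strings.
            if ((now "") < (from "") || (now "") >= (to "")) exit 2
            exit 0
        }'
}

# Constructed sample of `ssh-keygen -L` output for a one-hour user certificate.
sample_cert() {
    cat <<'EOF'
id_rsa-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:CONSTRUCTED-KEY-FINGERPRINT
        Signing CA: RSA SHA256:CONSTRUCTED-CA-FINGERPRINT (using rsa-sha2-256)
        Key ID: "constructed-key-id"
        Serial: 0
        Valid: from 2024-01-01T10:00:00 to 2024-01-01T11:00:00
        Principals:
                ubuntu
        Critical Options: (none)
        Extensions:
                permit-pty
EOF
}

# Real use (the certificate path is an assumption; pass wherever yours was written):
#   ssh-keygen -L -f <path_to_ssh_certificate> | check_cert <target_username> "$(date +%Y-%m-%dT%H:%M:%S)"
if sample_cert | check_cert ubuntu 2024-01-01T10:30:00; then
    echo "certificate usable for ubuntu"
fi
```

A non-zero status before `inspec shell` separates an expired or mis-issued certificate from a genuine connectivity problem on the target.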