chanzuckerberg / blessclient

Go client to negotiate SSH certificates
MIT License

Unable to create client: could not create oidc provider (sample config file for version 1.4) #187

Open divyav opened 4 years ago

divyav commented 4 years ago

I am using version 1.4. I get the following error: Unable to create client: could not create oidc provider

Is there a different version of the config file required to run 1.x versions?

edulop91 commented 4 years ago

Hey @divyav, thanks for reaching out! We are in the process of open sourcing the Bless lambda replacement that relies on oauth/oidc for federated access (rather than AWS IAM keys). Until then, you should be able to use one of the 0.x releases. Let me know if those work.

divyav commented 4 years ago

Noted. Thanks! I will try the 0.x release.

divyav commented 4 years ago

I installed 0.6.1 version. I referred to the solution provided here to fix the KMSAuthError. However, now I get:

`FATA[0000] 1 error occurred:`

The ssh_exec_command I am using is: 'aws-vault exec divya --no-session -- blessclient run'

Is this the right way to use it?

edulop91 commented 4 years ago

Would you be able to double check if you can perform encryption (maybe by verifying the policy) with your kmsauth kms key?

csanders-git commented 1 year ago

Any update on this? Is the updated project now OSS?