keywarden/TODO.md

Next steps:

Certificate Generation:

• User account is created
• User can input SSH pubkey into profile page
• Keywarden creates signed SSH Certificate from User's pubkey and Keywarden CA

Grant:

• User requests access to target server
• Access request approved
• User has linux account created and has key / cert trusted by target server
• User can log into account

Revocation:

• User has access expire or revoked
• Keywarden removes key / cert from target server, or invalidates on Keywarden's side
• Keywarden removes object permissions
• User cannot access server anymore

Permissions:

Administrator:

• Everything

Auditor:

• Can exclusively view audit logs of servers they have access to via request.

User:

Access Requests:

• Can use Shell?
• Can view logs?
• Can have user account?