#--------------------------------------------------------------
# ssh
#   create engine
#   generate ca cert
#   tune the ssh engine
#--------------------------------------------------------------
resource "vault_mount" "sshca" {
  path                  = "sshca"
  type                  = "ssh"
  description           = "SSH CA Engine"
  max_lease_ttl_seconds = 87600 * 3600
}

resource "vault_ssh_secret_backend_ca" "ssh_ca" {
  backend              = vault_mount.sshca.path
  generate_signing_key = true
  key_type             = "ssh-rsa"
}