You will need:
The following features are supported:
Host Tags (key-value pairs) are the pillar of our access control model. Rather than mapping people or groups directly to hosts, you'll map tag combinations to your hosts and to your user groups. First you'll put your hosts into logical groups using tags, e.g. role:web or env:staging. Then, you'll grant user groups access to all hosts with a specific tag combination. Finally, you'll choose which user group tag combinations will allow sudo privileges on any matching hosts.
Let's look at an example:
- developers group will have access to myserver #1 only.
- data group will have access to myserver #2 and myserver #3.
- ops group will have sudo access to myserver #2 and myserver #3.

Of course, hosts and groups can have as many tag combinations as you like. Take a minute to think about how you'd like to use Host Tags in your environment.
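The tag model above can be checked on paper before it is rolled out. The following is an added sketch, not Smallstep's code: the host tags, the grant list, the `Grant`, `matches` and `resolve` names, and the rule that a host must carry every pair in a combination are all assumptions, chosen so the result reproduces the example above.

```python
from typing import NamedTuple

class Grant(NamedTuple):
    group: str
    tags: dict          # tag combination a host must carry in full (assumed rule)
    sudo: bool = False  # whether this combination also confers sudo

# Constructed sample data: the page does not list the tags on these hosts.
HOSTS = {
    "myserver #1": {"role": "web", "env": "staging"},
    "myserver #2": {"role": "web", "env": "production"},
    "myserver #3": {"role": "db", "env": "production"},
}
GRANTS = [
    Grant("developers", {"role": "web", "env": "staging"}),
    Grant("data", {"env": "production"}),
    Grant("ops", {"env": "production"}, sudo=True),
]

def matches(host_tags, combo):
    """True when the host carries every key:value pair in the combination.

    An empty combination matches nothing, so a blank grant fails closed.
    """
    return bool(combo) and all(host_tags.get(k) == v for k, v in combo.items())

def resolve(hosts, grants):
    """Return {group: {host: 'login' | 'sudo'}}; no matching grant, no access."""
    access = {}
    for grant in grants:
        for name, tags in hosts.items():
            if not matches(tags, grant.tags):
                continue
            level = access.setdefault(grant.group, {})
            # sudo from any matching grant wins over plain login
            if grant.sudo or level.get(name) != "sudo":
                level[name] = "sudo" if grant.sudo else "login"
    return access

if __name__ == "__main__":
    for group, hosts in resolve(HOSTS, GRANTS).items():
        print(group, hosts)
```

Reviewing the resolved table for each sudo grant before changing tags shows when a single broad tag, such as env:production here, reaches more hosts than intended.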
Sign in at https://smallstep.com/app/[Team ID]
database:production.
You should see two Directories. The "Smallstep" directory contains Administrators who can manage the application. The other directory contains users and groups synchronized from your identity provider.