
Enabling Credential Injection in Boundary for SSH-OTP secret engine

Open japneet-sahni opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.
In order to access Linux servers through Boundary, we are getting dynamic credentials for these servers using SSH OTPs from Vault. Currently, we are leveraging credential brokering for the same, which means once we connect to the target, the user has to copy the OTP (key field in the secret) and then paste that OTP in the SSH terminal.

Describe the solution you'd like
We would like to leverage the SSH Credential Injection feature along with this secret engine, and it seems that this is currently not supported. Use of this feature along with embedded terminals will give a great passwordless authentication feature for these Linux servers.

Describe alternatives you've considered
The other option was to use SSH certificates instead of OTPs, but this feature was launched really late and by then we had already adopted the OTP feature.

Explain any additional use-cases
It would be great if the same could be enabled for the RDP protocol for domain-joined Windows servers with the OpenLDAP secret engine, which gives the AD password for that user.

Additional context
We are leveraging Boundary Enterprise (self-managed) already.

japneet-sahni, Nov 29 '23 21:11

Hello @japneet-sahni, thank you for this excellent suggestion! I can see how this functionality could provide a more seamless end-user experience to Boundary users leveraging one-time SSH passwords from Vault.

I will leave this request open to solicit feedback and to gauge interest from the community via upvotes, which would help us in prioritizing this feature request.

anando-chatterjee, Nov 29 '23 21:11