machine_ids = "/var/lib/sshca/machine-ids.json"

[oidc]
discovery_url = "https://auth.pyrocufflink.blue"
client_id = "sshca"

[ca.host]
private_key_file = "/run/sshca/secrets/host/key/host-ca-key"
private_key_passphrase_file = "/run/sshca/secrets/host/passphrase/host-ca-key.passphrase"

[ca.user]
private_key_file = "/run/sshca/secrets/user/key/user-ca-key"
private_key_passphrase_file = "/run/sshca/secrets/user/passphrase/user-ca-key.passphrase"

[ca.user.group_principals]
"Server Admins" = [
    "core",
]

[[libvirt]]
uri = "qemu+ssh://sshca@vmhost0.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"

[[libvirt]]
uri = "qemu+ssh://sshca@vmhost1.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"