Learn how to organize SSH hosts into groups and manage access policies at scale.
development
, staging
, production
), geographical regions (us-east
, eu-west
, ap-northeast
), or functions (web-servers
, database-servers
, worker-nodes
) to streamline access management across your infrastructure.
Using a host group, you can define login mappings at the group level and have them be applied to all hosts assigned to that group. For example, you can specify that [email protected]
can login as ubuntu
on all hosts assigned to the production
host group.
infisical ssh add-host
command and assigns them to appropriate host groups either using the --host-group
flag or by adding them to the host group via UI.infisical ssh connect
command, with access determined by the login mappings defined at both host and host group levels.Create a host group
production-servers
or tokyo-region
) and login mapping(s) for the host group.A login mapping for a host group applies to all hosts assigned to the group and dictates what user(s) will be allowed access to the remote hosts
in that group under specific login user(s); in the allowed principals, you should select user(s) part of the Infisical SSH project that will
be allowed to login to the remote host as the login user.For instance, if you add a mapping to a host group with the login user ec2-user
to some users John and Alice in Infisical, then they will be allowed to login to any remote host that is part of the group as ec2-user
which is a system user that
exists on the remote host(s).Add host(s) to the host group