What is the benefit of brokering access to SSH with a secrets backend?

Brokering access to SSH with a secrets backend provides a significant advantage by avoiding a single PEM (Privacy Enhanced Mail) access point across multiple machines. In traditional SSH access management, using a static PEM file can create security vulnerabilities, as this allows anyone with access to the PEM file to potentially access any machine that accepts that key.

By using a secrets backend, you can dynamically generate SSH credentials and manage access in a more granular way. This prevents a central point of failure and enhances security by ensuring that each session can use different credentials that are only valid for a limited time. As a result, even if one session's credentials are compromised, it won't lead to complete access across all systems.

This dynamic approach simplifies management, particularly in environments where machines are frequently added or removed, or require different levels of access. It aligns with security best practices by minimizing the risks associated with long-lived static keys. The use of a secrets backend allows for better control over who can access what systems and under what conditions, leading to a more secure infrastructure overall.