wx-ssh-sign(){
    echo "           >> SSH <<          "
    echo "             Sign             "
    echo "------------------------------"

    if [[ $ORG == "warengroup" ]]
    then
        wx-ssh-sign-create warengroup sysadmin 3600
    elif [[ $ORG == "cwinfo" ]]
    then
        wx-ssh-sign-create cwinfo sysadmin 3600
    elif [[ $ORG == "cwchristerw" ]]
    then
        wx-ssh-sign-create warengroup sysadmin 3600
        wx-ssh-sign-create cwinfo sysadmin 3600
        wx-ssh-sign-create cwchristerw sysadmin 3600
    fi
}

wx-ssh-sign-create(){
    mkdir -p $HOME/.ssh/keys
    chmod 700 $HOME/.ssh/keys
    chmod 600 $HOME/.ssh/keys/*

    NAME=$1
    ROLE=$2
    PRINCIPALS=$2
    TTL=$3

    if [[ ! -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
    then
        ssh-keygen -t ed25519 -f $HOME/.ssh/keys/$NAME-ed25519 -q -N "" &> /dev/null
    fi

    if [[ -f "$HOME/.ssh/keys/$NAME-ed25519" ]]
    then
        echo "$NAME/$ROLE"
        echo $(curl https://$VAULT_DOMAIN/v1/ssh/sign/$ROLE -X POST --header "X-Vault-Token: ${config[$ORG]}" -d "{ \"public_key\": \"$(cat $HOME/.ssh/keys/$NAME-ed25519.pub)\", \"valid_principals\": \"$PRINCIPALS,$USER\", \"ttl\": \"$TTL\" }" -s | jq -r '.data.signed_key') > ~/.ssh/keys/$NAME-ed25519.sig 2>&1
    fi
}