From c58117b30d28bb2cbaaa16d1c526f4886cf8668f Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Tue, 14 Jul 2020 17:13:06 -0700
Subject: [PATCH] Allow to use base64 when defining a template in the ca.json.

---
 authority/provisioner/options.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/authority/provisioner/options.go b/authority/provisioner/options.go
index 802ec37b..96165d08 100644
--- a/authority/provisioner/options.go
+++ b/authority/provisioner/options.go
@@ -2,6 +2,7 @@ package provisioner
 
 import (
 	"encoding/json"
+	"strings"
 
 	"github.com/pkg/errors"
 	"github.com/smallstep/certificates/x509util"
@@ -84,8 +85,18 @@ func CustomTemplateOptions(o *ProvisionerOptions, data x509util.TemplateData, de
 				x509util.WithTemplateFile(o.TemplateFile, data),
 			}
 		}
+
+		// Load a template from the Template fields
+		// 1. As a JSON in a string.
+		template := strings.TrimSpace(o.Template)
+		if strings.HasPrefix(template, "{") {
+			return []x509util.Option{
+				x509util.WithTemplate(template, data),
+			}
+		}
+		// 2. As a base64 encoded JSON.
 		return []x509util.Option{
-			x509util.WithTemplate(o.Template, data),
+			x509util.WithTemplateBase64(template, data),
 		}
 	}), nil
 }