Mariano Cano
2026787ce4
Add some extra coverage.
2021-10-07 15:01:11 -07:00
Mariano Cano
52a18e0c2d
Add key name to CreateCertificateAuthority
2021-10-07 14:19:39 -07:00
Mariano Cano
08c9902f29
Add new alias in the kms package.
2021-10-06 18:42:01 -07:00
Mariano Cano
505b1f3678
Add new test case with a version in the opaque string.
2021-10-06 18:41:31 -07:00
Mariano Cano
d2581489a3
Redefine uris and set proper type.
...
URIs will now have the form:
- azurekms:name=my-key;vault=my-vault
- azurekms:name=my-key;vault=my-vault?version=my-version
2021-10-06 18:39:12 -07:00
Mariano Cano
656099c4f0
Add type for azurekms.
2021-10-06 18:38:32 -07:00
Mariano Cano
56c3559e52
Add some extra coverage.
2021-10-05 20:41:55 -07:00
Mariano Cano
6389100325
Add unit tests for azurekms.
2021-10-05 20:35:52 -07:00
Mariano Cano
97d08a1b61
Fix typos.
2021-10-05 17:11:23 -07:00
Mariano Cano
d02cb1c869
Enable azurekms.
2021-10-05 17:09:40 -07:00
Mariano Cano
392a18465f
Add initial implementation of Azure Key Vault KMS.
...
Fixes #462
2021-10-05 17:06:17 -07:00
Mariano Cano
896fd5efae
Merge pull request #715 from smallstep/template-vars
...
Fix ssh template variables when CA is injected using options.
2021-09-29 10:43:20 -07:00
Mariano Cano
9fb6df3abb
Fix ssh template variables when CA is injected using options.
2021-09-28 18:50:45 -07:00
max furman
afe1980d13
changelog update for 0.17.4
2021-09-28 16:15:23 -07:00
Mariano Cano
4a899fbafc
Merge pull request #714 from smallstep/host-or-user-only-ssh-ca
...
SSH host or SSH user only CA
2021-09-28 16:11:23 -07:00
Mariano Cano
42e2635848
Add entry in changelog.
2021-09-28 15:59:48 -07:00
Mariano Cano
aedd7fcc05
Be able to start a SSH host or SSH user only CA
...
In previous versions if the host or user CA is not configured, the
start of step-ca was crashing. This allows to configure a user or
host only ssh ca.
2021-09-28 15:07:09 -07:00
Max
3f44dae26a
Merge pull request #713 from smallstep/max/release
...
[action] update release URLs in header
2021-09-27 16:41:29 -07:00
max furman
6aaa7853b2
[action] update release URLs in header
2021-09-27 16:24:01 -07:00
max furman
ba17869deb
changelog update for 0.17.3
2021-09-24 14:24:28 -07:00
Mariano Cano
28bd2ef6c1
Merge pull request #711 from smallstep/oidc-admin-group
...
Check for admins in both emails and groups.
2021-09-24 13:56:13 -07:00
Mariano Cano
963eaf8882
Fix line in changelog
2021-09-24 13:50:47 -07:00
Mariano Cano
9eb757797e
Add line to changelog.
2021-09-24 13:50:10 -07:00
Mariano Cano
a50654b468
Check for admins in both emails and groups.
2021-09-23 15:49:28 -07:00
Mariano Cano
7f00cc7aad
Clarify changelog feature.
2021-09-22 17:41:12 -07:00
Mariano Cano
2ae6b42cfe
Add missing feature to the changelog.
2021-09-22 16:39:23 -07:00
Mariano Cano
2cf4127310
Merge pull request #710 from smallstep/upgrade-go-jose
...
Upgrade go-jose.v2
2021-09-22 15:22:53 -07:00
Mariano Cano
ad82d8a250
Upgrade go.step.sm/crypto as long with go-jose.v2
...
There was a typo in the OKP template causing bad fingerprints for
Ed25519 keys.
See a10ff54e00
Fixes #705
2021-09-22 15:15:19 -07:00
max furman
2d5bfd3485
fix comment
2021-09-22 11:56:52 -07:00
Carl Tashian
04784be03e
Update cert-renewer@.service
...
Wrap command line env variables in braces so they are treated as a single argument (rather than split on whitespace)
2021-09-21 17:23:29 -07:00
Mariano Cano
845fa07064
Merge pull request #708 from smallstep/helm-fix
...
Use badgerv2 the default DB in helm
2021-09-17 12:59:04 -07:00
Mariano Cano
4fde7b5250
Use badgerv2 the default in helm too.
...
Use also port 443 for the ca-url, as we usually access through the
service, this can be overridden by --with-ca-url flag in the cli.
2021-09-17 12:49:16 -07:00
Mariano Cano
ebf1afa96e
Merge pull request #707 from smallstep/password-flags
...
Add support for setting individual password for ssh and tls keys
2021-09-16 13:50:03 -07:00
Mariano Cano
cfe08ad6fe
Add flags to usage.
2021-09-16 12:05:23 -07:00
Mariano Cano
6729c79253
Add support for setting individual password for ssh and tls keys
...
This change add the following flags:
* --ssh-host-password-file
* --ssh-user-password-file
Fixes #693
2021-09-16 11:55:41 -07:00
max furman
8df9f629b1
go mod tidy
2021-09-16 00:14:06 -07:00
Max
4daef5dd0b
Merge pull request #703 from hslatman/hs/update-pkcs7
...
Update go.mozilla.org/pkcs7
2021-09-16 00:12:34 -07:00
Herman Slatman
73d0a11a20
Update github.com/micromdm/scep/v2
2021-09-16 08:29:25 +02:00
Herman Slatman
611859eec4
Update go.mozilla.org/pkcs7
...
This includes the fix as described in https://github.com/mozilla-services/pkcs7/pull/59 ,
which was the reason a fork of the library was used.
2021-09-16 08:24:28 +02:00
Carl Tashian
e3acea9704
Add release page link to install docs
2021-09-15 10:30:04 -07:00
Max
23add69c9b
Merge pull request #702 from smallstep/max/release-header
...
[action] add official package links to github release header (via goreleaser)
2021-09-13 09:59:32 -07:00
max furman
6d644ddb2a
[action] goreleaser pkg link cli -> certificates
2021-09-12 21:32:22 -07:00
max furman
fcf322023a
[action] goreleaser github release footer fix missing close braces
2021-09-11 14:42:02 -07:00
max furman
494da3d668
[action] goreleaser header packages
2021-09-11 13:05:17 -07:00
max furman
2cce795d8f
[action] reference correct pub key in cosign example release header
2021-09-09 16:53:47 -07:00
max furman
8a99f7e458
[action] add header and footer to github release page
2021-09-09 16:37:43 -07:00
Mariano Cano
ae42daf288
Merge pull request #700 from smallstep/cloudcas-signature-algorithm
...
Allow to kms signers to define the SignatureAlgorithm
2021-09-09 12:55:45 -07:00
Mariano Cano
e4e799ca85
Fix typos in comment.
2021-09-09 12:45:29 -07:00
Mariano Cano
6e0d515a55
Add entry to changelog.
2021-09-08 17:49:15 -07:00
Mariano Cano
6d644880bd
Allow to kms signers to define the SignatureAlgorithm
...
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.
On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00