Mariano Cano
39f46d31b9
Remove deprecated binaries
...
This commit removes the following deprecated binaries:
- step-awskms-init
- step-cloudkms-init
- step-pkcs11-init
- step-yubikey-init
From now on step and step-kms-plugin should be used to initialize the
PKI in AWS KMS, GCP KMS, PKCS#11 modules or YubiKeys.
A future commit will add step-kms-plugin to the docker images of
step-ca.
Fixes #1046
2023-01-23 16:30:55 -08:00
Mariano Cano
1f4443d858
Support to ask for key password after crypto change
...
A change in crypto will remove the dependency of the ui package
used for prompting passwords.
2022-09-27 12:03:51 -07:00
max furman
ffff9af323
linting and fixing review feedback
2022-09-20 22:12:08 -07:00
max furman
1e0ea6f958
more linting fixes
2022-09-20 19:05:12 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors
2022-09-20 16:35:41 -07:00
Mariano Cano
bc61b23d91
Add deprecation notices to step-x-init binaries
...
Fixes #1044
2022-09-06 17:39:43 -07:00
Mariano Cano
23b8f45b37
Address gosec warnings
...
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
369b8f81c3
Use go.step.sm/crypto/kms
...
Fixes #975
2022-08-08 17:58:18 -07:00
Gary Belvin
fed09047f9
pinfile
2022-06-09 13:51:14 -04:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault
2022-04-11 14:57:45 -07:00
Panagiotis Siatras
6d4d4560df
add --context flag to step-ca command ( #851 )
...
* added the --context flag
* apply the context and allow for different ca.json
* amended usage for consistency
* added an extra example
* added an extra example
* reordered and reworded examples
2022-03-24 18:18:51 +02:00
Mariano Cano
c0525381eb
Merge branch 'master' into feat/vault
2022-02-16 18:19:23 -08:00
Herman Slatman
af17b6a6f3
Make copyright year dynamic
2022-02-16 11:08:26 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas
2022-01-14 18:56:17 +01:00
Mariano Cano
91878051c1
Merge pull request #741 from gdbelvin/ssh
...
Support CSR Requests from PKCS11
2021-11-17 16:07:23 -08:00
Mariano Cano
febb619882
Add some extra validation and print certificate objects
...
This commit also changes the following flags for consistency:
- --crt-cert to --crt-cert-obj
- --crt-key to --crt-key-obj
2021-11-17 15:48:52 -08:00
max furman
10db335f13
mv pkg config -> step
2021-11-16 21:47:14 -08:00
Gary Belvin
bbb327c8c5
Make a csr if there's not a root
2021-11-12 14:24:26 -05:00
Gary Belvin
29f5a35965
simplify flags
2021-11-12 14:23:38 -05:00
Mariano Cano
8366b7ddf1
Revert "Remove extractable from StoreCertificate."
...
This reverts commit 614ee79489
.
2021-10-29 14:45:10 -07:00
Mariano Cano
614ee79489
Remove extractable from StoreCertificate.
2021-10-29 12:02:24 -07:00
Mariano Cano
aa80bf9f07
Merge branch 'smallstep_master' into extractable
2021-10-28 18:11:42 -07:00
Mariano Cano
e15b5faf7d
Merge branch 'master' into keyvault
2021-10-12 15:15:35 -07:00
max furman
933b40a02a
Introduce gocritic linter and address warnings
2021-10-08 14:59:57 -04:00
Mariano Cano
205148ad1f
Fix exit after defer.
2021-10-07 12:43:24 -07:00
Mariano Cano
48549bf317
Initialize windows terminal on all binaries.
2021-10-07 11:09:32 -07:00
Mariano Cano
d02cb1c869
Enable azurekms.
2021-10-05 17:09:40 -07:00
Mariano Cano
cfe08ad6fe
Add flags to usage.
2021-09-16 12:05:23 -07:00
Gary Belvin
22b471acf9
Extractable certs
2021-06-17 09:29:38 -04:00
Gary Belvin
be89459524
Set key export bit
2021-06-17 09:29:32 -04:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
...
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801
minimize diff
2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199
Add back UI check, but don't read file
2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482
Don't double read from u.Pin()
2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521
Allow reading pin from kms string
2021-06-15 13:16:54 +01:00
Mariano Cano
595f12505c
Merge branch 'master' into name
2021-06-01 10:29:40 -07:00
Gary Belvin
c264e8f580
Configurable pkcs11-init output paths
2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0
Allow configuration of PKCS11 subject name
2021-06-01 17:35:36 +01:00
Mariano Cano
e727532963
Fix wrong format of the first flag on step-ca --help
2021-03-24 14:55:34 -07:00
Mariano Cano
bdeb0ccd7c
Add support for the flag --issuer-password-file
...
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
2021-03-24 14:53:19 -07:00
Mariano Cano
71f59de396
Merge pull request #510 from smallstep/ra-mode
...
StepCAS.
2021-03-24 14:39:27 -07:00
Gary Belvin
341966c30f
Check pin flag
2021-03-23 22:13:35 +00:00
Gary Belvin
1ac838628a
Add flag for setting the pin
2021-03-23 10:40:13 +00:00
Mariano Cano
a6115e29c2
Add initial implementation of StepCAS.
...
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Mariano Cano
e446e22520
Remove extra default.
2021-02-11 19:25:16 -08:00
Mariano Cano
3648c3fab6
Fix error message when --kms is not passed.
2021-02-11 19:24:09 -08:00
Mariano Cano
1d2146166b
Close key manager.
2021-02-01 15:28:09 -08:00
Mariano Cano
51ac28656e
Fix protection level for host keys in cloudkms script.
...
Fixes #460
2021-01-29 16:11:25 -08:00
Mariano Cano
7f9d7eadc9
Attempt to delete key and certificate with the same name.
...
Nitrokey will override the label of the key with the certificate one.
If they are stored with the same id.
2021-01-29 13:31:07 -08:00
Mariano Cano
162c535705
Add option to not store certificates in the pkcs11 module.
2021-01-28 20:13:28 -08:00