Commit graph

97 commits

Author SHA1 Message Date
Mariano Cano
39f46d31b9
Remove deprecated binaries
This commit removes the following deprecated binaries:

 - step-awskms-init
 - step-cloudkms-init
 - step-pkcs11-init
 - step-yubikey-init

From now on step and step-kms-plugin should be used to initialize the
PKI in AWS KMS, GCP KMS, PKCS#11 modules or YubiKeys.

A future commit will add step-kms-plugin to the docker images of
step-ca.

Fixes #1046
2023-01-23 16:30:55 -08:00
Mariano Cano
1f4443d858
Support to ask for key password after crypto change
A change in crypto will remove the dependency of the ui package
used for prompting passwords.
2022-09-27 12:03:51 -07:00
max furman
ffff9af323
linting and fixing review feedback 2022-09-20 22:12:08 -07:00
max furman
1e0ea6f958
more linting fixes 2022-09-20 19:05:12 -07:00
max furman
ab0d2503ae
Standardize linting file and fix or ignore lots of linting errors 2022-09-20 16:35:41 -07:00
Mariano Cano
bc61b23d91 Add deprecation notices to step-x-init binaries
Fixes #1044
2022-09-06 17:39:43 -07:00
Mariano Cano
23b8f45b37 Address gosec warnings
Most if not all false positives
2022-08-18 17:46:20 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Gary Belvin
fed09047f9 pinfile 2022-06-09 13:51:14 -04:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Panagiotis Siatras
6d4d4560df
add --context flag to step-ca command (#851)
* added the --context flag

* apply the context and allow for different ca.json

* amended usage for consistency

* added an extra example

* added an extra example

* reordered and reworded examples
2022-03-24 18:18:51 +02:00
Mariano Cano
c0525381eb Merge branch 'master' into feat/vault 2022-02-16 18:19:23 -08:00
Herman Slatman
af17b6a6f3
Make copyright year dynamic 2022-02-16 11:08:26 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas 2022-01-14 18:56:17 +01:00
Mariano Cano
91878051c1
Merge pull request #741 from gdbelvin/ssh
Support CSR Requests from PKCS11
2021-11-17 16:07:23 -08:00
Mariano Cano
febb619882 Add some extra validation and print certificate objects
This commit also changes the following flags for consistency:
  - --crt-cert to --crt-cert-obj
  - --crt-key to --crt-key-obj
2021-11-17 15:48:52 -08:00
max furman
10db335f13 mv pkg config -> step 2021-11-16 21:47:14 -08:00
Gary Belvin
bbb327c8c5 Make a csr if there's not a root 2021-11-12 14:24:26 -05:00
Gary Belvin
29f5a35965 simplify flags 2021-11-12 14:23:38 -05:00
Mariano Cano
8366b7ddf1 Revert "Remove extractable from StoreCertificate."
This reverts commit 614ee79489.
2021-10-29 14:45:10 -07:00
Mariano Cano
614ee79489 Remove extractable from StoreCertificate. 2021-10-29 12:02:24 -07:00
Mariano Cano
aa80bf9f07 Merge branch 'smallstep_master' into extractable 2021-10-28 18:11:42 -07:00
Mariano Cano
e15b5faf7d Merge branch 'master' into keyvault 2021-10-12 15:15:35 -07:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
205148ad1f Fix exit after defer. 2021-10-07 12:43:24 -07:00
Mariano Cano
48549bf317 Initialize windows terminal on all binaries. 2021-10-07 11:09:32 -07:00
Mariano Cano
d02cb1c869 Enable azurekms. 2021-10-05 17:09:40 -07:00
Mariano Cano
cfe08ad6fe Add flags to usage. 2021-09-16 12:05:23 -07:00
Gary Belvin
22b471acf9 Extractable certs 2021-06-17 09:29:38 -04:00
Gary Belvin
be89459524 Set key export bit 2021-06-17 09:29:32 -04:00
Mariano Cano
a0633a6efb
Merge pull request #612 from gdbelvin/kmspin
Allow reading pin from kms string
2021-06-15 12:05:34 -07:00
Gary Belvin
1fb4406801 minimize diff 2021-06-15 18:19:42 +01:00
Gary Belvin
c6bb7aa199 Add back UI check, but don't read file 2021-06-15 18:18:29 +01:00
Gary Belvin
a63a1d6482 Don't double read from u.Pin() 2021-06-15 18:13:08 +01:00
Gary Belvin
063a09a521 Allow reading pin from kms string 2021-06-15 13:16:54 +01:00
Mariano Cano
595f12505c
Merge branch 'master' into name 2021-06-01 10:29:40 -07:00
Gary Belvin
c264e8f580 Configurable pkcs11-init output paths 2021-06-01 17:46:00 +01:00
Gary Belvin
623e387fb0 Allow configuration of PKCS11 subject name 2021-06-01 17:35:36 +01:00
Mariano Cano
e727532963 Fix wrong format of the first flag on step-ca --help 2021-03-24 14:55:34 -07:00
Mariano Cano
bdeb0ccd7c Add support for the flag --issuer-password-file
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
2021-03-24 14:53:19 -07:00
Mariano Cano
71f59de396
Merge pull request #510 from smallstep/ra-mode
StepCAS.
2021-03-24 14:39:27 -07:00
Gary Belvin
341966c30f Check pin flag 2021-03-23 22:13:35 +00:00
Gary Belvin
1ac838628a Add flag for setting the pin 2021-03-23 10:40:13 +00:00
Mariano Cano
a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Mariano Cano
e446e22520 Remove extra default. 2021-02-11 19:25:16 -08:00
Mariano Cano
3648c3fab6 Fix error message when --kms is not passed. 2021-02-11 19:24:09 -08:00
Mariano Cano
1d2146166b Close key manager. 2021-02-01 15:28:09 -08:00
Mariano Cano
51ac28656e Fix protection level for host keys in cloudkms script.
Fixes #460
2021-01-29 16:11:25 -08:00
Mariano Cano
7f9d7eadc9 Attempt to delete key and certificate with the same name.
Nitrokey will override the label of the key with the certificate one.
If they are stored with the same id.
2021-01-29 13:31:07 -08:00
Mariano Cano
162c535705 Add option to not store certificates in the pkcs11 module. 2021-01-28 20:13:28 -08:00