3e6137110b
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys for issuing ssh certificates signed by a key managed by a ssh-agent. It uses the golang.org/x/crypto package to get a native Go implementation to talk to a ssh-agent. This was primarly written to be able to use gpg-agent to provide the keys stored in a YubiKeys openpgp interface, but can be used for other setups like proxying a ssh-agent over network. That way the signing key for ssh certificates can be kept in a "sign-only" hsm. This code was written for my employer Intinor AB, but for simplicity sake gifted to me to contribute upstream. Signed-off-by: Anton Lundin <glance@acc.umu.se> |
||
---|---|---|
.. | ||
images | ||
acme.md | ||
cas.md | ||
CONTRIBUTING.md | ||
database.md | ||
defaults.md | ||
docker.md | ||
GETTING_STARTED.md | ||
kms.md | ||
provisioners.md | ||
questions.md | ||
README.md | ||
revocation.md |
Step Certificates Documentation
Note: Much of our documentation has moved
Index of Documentation and Tutorials for using and deploying the step certificates
.
Table of Contents
- General Info
- Website
- Installation Guide
- Getting Started: in depth guide on getting started
with
step-ca
, including all configuration options. - Contributor's Guide
- Sane Defaults: default algorithms and attributes used in cryptographic primitives and why they were selected.
- Frequently Asked Questions
- Check out our Blog. We post quality educational content as well as periodic updates on new releases.
- API: Guides to using the API via the
step
CLI.- Revoking Certificates
- Persistence Layer: description and guide to using
step certificates
' persistence layer for storing certificate management metadata.
- Tutorials: Guides for deploying and getting started with
step
in various environments.