3e6137110b
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys for issuing ssh certificates signed by a key managed by an ssh-agent. It uses the golang.org/x/crypto package to get a native Go implementation to talk to an ssh-agent. This was primarily written to be able to use gpg-agent to provide the keys stored in a YubiKey's openpgp interface, but can be used for other setups like proxying an ssh-agent over network. That way the signing key for ssh certificates can be kept in a "sign-only" hsm. This code was written for my employer Intinor AB, but for simplicity's sake gifted to me to contribute upstream. Signed-off-by: Anton Lundin <glance@acc.umu.se> |
||
---|---|---|
provisioner | ||
testdata | ||
authority.go | ||
authority_test.go | ||
authorize.go | ||
authorize_test.go | ||
config.go | ||
config_test.go | ||
options.go | ||
provisioners.go | ||
provisioners_test.go | ||
root.go | ||
root_test.go | ||
ssh.go | ||
ssh_test.go | ||
tls.go | ||
tls_options.go | ||
tls_options_test.go | ||
tls_test.go | ||
types.go | ||
types_test.go | ||
version.go |