forked from TrueCloudLab/certificates
Add HSMs to feature list on README.md
This commit is contained in:
parent
4fcb3a7c8d
commit
57accb0998
1 changed files with 5 additions and 1 deletions
|
@ -48,6 +48,10 @@ Setting up a *public key infrastructure* (PKI) is out of reach for many small te
|
|||
- Capable of high availability (HA) deployment using [root federation](https://smallstep.com/blog/step-v0.8.3-federation-root-rotation.html) and/or multiple intermediaries
|
||||
- Can operate as [an online intermediate CA for an existing root CA](https://smallstep.com/docs/tutorials/intermediate-ca-new-ca)
|
||||
- [Badger, BoltDB, and MySQL database backends](https://smallstep.com/docs/step-ca/configuration#databases)
|
||||
- Supports advanced [cryptographic protection](https://smallstep.com/docs/step-ca/configuration#cryptographic-protection) of signing keys, eg:
|
||||
- Using PKCS #11 hardware security modules (HSMs)
|
||||
- Using cloud key management services
|
||||
- Using YubiKeys
|
||||
|
||||
### ⚙️ Many ways to automate
|
||||
|
||||
|
@ -56,7 +60,7 @@ There are several ways to authorize a request with the CA and establish a chain
|
|||
You can issue certificates in exchange for:
|
||||
- [ACME challenge responses](#your-own-private-acme-server) from any ACMEv2 client
|
||||
- [OAuth OIDC single sign-on tokens](https://smallstep.com/blog/easily-curl-services-secured-by-https-tls.html), eg:
|
||||
- ID tokens from Okta, GSuite, Azure AD, Auth0.
|
||||
- ID tokens from Okta, GSuite, Azure AD, Auth0
|
||||
- ID tokens from an OAuth OIDC service that you host, like [Keycloak](https://www.keycloak.org/) or [Dex](https://github.com/dexidp/dex)
|
||||
- [Cloud instance identity documents](https://smallstep.com/blog/embarrassingly-easy-certificates-on-aws-azure-gcp/), for VMs on AWS, GCP, and Azure
|
||||
- [Single-use, short-lived JWK tokens]() issued by your CD tool — Puppet, Chef, Ansible, Terraform, etc.
|
||||
|
|
Loading…
Reference in a new issue