diff --git a/docker/Dockerfile.step-ca b/docker/Dockerfile.step-ca
index 32160e1d..8cf918df 100644
--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -19,7 +19,6 @@ USER step
 ENV CONFIGPATH="/home/step/config/ca.json"
 ENV PWDPATH="/home/step/secrets/password"
-ENV PROVISIONER_PWDPATH="/home/step/secrets/provisioner_password"
 VOLUME ["/home/step"]
 STOPSIGNAL SIGTERM
@@ -28,4 +27,4 @@ HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null
 COPY docker/entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
-CMD exec /usr/local/bin/step-ca --password-file $PWDPATH --provisioner-password-file $PROVISIONER_PWDPATH $CONFIGPATH
+CMD exec /usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH
diff --git a/docker/Dockerfile.step-ca.hsm b/docker/Dockerfile.step-ca.hsm
index 42c481c1..8f413cd7 100644
--- a/docker/Dockerfile.step-ca.hsm
+++ b/docker/Dockerfile.step-ca.hsm
@@ -24,7 +24,6 @@ USER step
 ENV CONFIGPATH="/home/step/config/ca.json"
 ENV PWDPATH="/home/step/secrets/password"
-ENV PROVISIONER_PWDPATH="/home/step/secrets/provisioner_password"
 VOLUME ["/home/step"]
 STOPSIGNAL SIGTERM
@@ -33,4 +32,4 @@ HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null
 COPY docker/entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
-CMD exec /usr/local/bin/step-ca --password-file $PWDPATH --provisioner-password-file $PROVISIONER_PWDPATH $CONFIGPATH
+CMD exec /usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 4fa10c1e..5091eeb5 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -60,7 +60,6 @@ function step_ca_init () {
 fi
 step ca init "${setup_args[@]}"
 mv $STEPPATH/password $PWDPATH
- mv $STEPPATH/provisioner_password $PROVISIONER_PWDPATH
 }
 if [ -f /usr/sbin/pcscd ]; then
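Review bot: The new `CMD` line in docker/Dockerfile.step-ca (and the identical one in docker/Dockerfile.step-ca.hsm) still expands `$PWDPATH` and `$CONFIGPATH` unquoted in shell form, so a runtime override of either variable that contains whitespace or glob characters is word-split before step-ca receives it. Quoting keeps each path a single argument: `CMD exec /usr/local/bin/step-ca --password-file "$PWDPATH" "$CONFIGPATH"`. Separately, since the provisioner password file is no longer consumed, it is worth confirming that the part of `step_ca_init` outside these hunks does not still write `$STEPPATH/provisioner_password`; if it does, that secret now stays where it was created instead of being moved under the secrets directory. Volumes initialised by the old entrypoint may also still hold the copy of the CA password that the removed backward-compatibility block wrote to the old `PROVISIONER_PWDPATH` location, which deserves an upgrade note.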
@@ -71,11 +70,4 @@ if [ ! -f "${STEPPATH}/config/ca.json" ]; then
 init_if_possible
 fi
-if [ -f "${PWDPATH}" ] && [ ! -f "${PROVISIONER_PWDPATH}" ]; then
- # For backward compatibility,
- # if the --provisioner-password-file doesn't exist,
- # use the same password as the CA.
- cp ${PWDPATH} ${PROVISIONER_PWDPATH}
-fi
-
 exec "${@}"