Commit graph

1486 commits

Author SHA1 Message Date
Mariano Cano
062edcdfb4 Fix unexpected error. 2020-11-18 16:57:24 -08:00
Mariano Cano
9607eddd6a Remove unused code. 2020-11-18 16:57:24 -08:00
Mariano Cano
fcaaab94a4 Add method to create a CertificateAuthorityResponse. 2020-11-18 16:57:24 -08:00
Mariano Cano
a3f729fc28 Add support for local signing or cloudCAS intermediates. 2020-11-18 16:57:24 -08:00
Mariano Cano
fe7db340b0 Update go.step.sm/crypto dependency. 2020-11-18 16:57:24 -08:00
Mariano Cano
5deca85b14 Add initial support for step ca init with cloud cas.
Fixes smallstep/cli#363
2020-11-18 16:57:24 -08:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Max
5a1e44a399
Merge pull request #411 from smallstep/docs-links
Update READMEs with links to new docs
2020-10-30 10:58:28 -07:00
Mariano Cano
c9c31e2033
Merge pull request #414 from smallstep/cli-utils
Use smallstep/cli-utils instead of smallstep/cli
2020-10-29 16:43:52 -07:00
Mariano Cano
b79701202b Use cli-utils@v0.1.0 2020-10-29 15:07:14 -07:00
Mariano Cano
40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 2020-10-29 13:10:03 -07:00
Mariano Cano
680898c0d4
Merge pull request #412 from smallstep/aws-certs
AWS Certificates
2020-10-29 10:11:04 -07:00
Mariano Cano
39b23c057d Add all AWS certificates used to verify base64 signatures. 2020-10-28 17:47:44 -07:00
Carl Tashian
80beff6ce3 Update READMEs with links to new docs 2020-10-27 16:20:45 -07:00
Mariano Cano
fb18e5afc4
Merge pull request #407 from ndom91/patch-1
Update provisioners.md
2020-10-25 12:07:04 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
max furman
81a0df9e45 go mod tidy 2020-10-21 20:42:23 -07:00
max furman
bf45e6ff16 Bump cli to v0.15.3 2020-10-21 16:40:06 -07:00
max furman
03c1eaa8a5 update year on debian copyright 2020-10-20 22:45:00 -07:00
max furman
3f4d041082 bump cli to master 2020-10-20 22:38:59 -07:00
Max
711aafc1d5
Merge pull request #403 from smallstep/max/acme-lock
[acme] Use lock for ordersByAccID and type to house methods
2020-10-20 22:35:11 -07:00
Mariano Cano
426f846974
Merge pull request #402 from smallstep/ra-init
Add support for CloudCAS on step ca init
2020-10-20 18:00:23 -07:00
max furman
4c48048615 Use sync.Mutex as value 2020-10-20 17:56:15 -07:00
max furman
272cce522e Fix test and change method name 2020-10-20 17:18:20 -07:00
max furman
f34fb80eb6 [acme] Use lock for ordersByAccID and type to house methods 2020-10-20 16:25:16 -07:00
Mariano Cano
341dc1c3ea Remove merge data. 2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92 Merge branch 'master' into ra-init 2020-10-19 18:53:55 -07:00
Mariano Cano
2654231c49 Update option property. 2020-10-19 18:47:36 -07:00
Mariano Cano
9f21813dd6 Rename option. 2020-10-19 18:44:27 -07:00
Mariano Cano
2ec0c24e98 Update docs for RA. 2020-10-19 18:43:11 -07:00
Mariano Cano
d46990d4c4 Add support for step ca init with a RA. 2020-10-19 18:42:03 -07:00
Mariano Cano
ef92a3a6d7 Move cas options under authority. 2020-10-19 18:08:51 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS 2020-10-19 11:30:00 -07:00
Mariano Cano
6838233416
Merge pull request #395 from smallstep/aws-identity-cert
Add option to specify the AWS IID certificates to use.
2020-10-15 17:14:20 -07:00
Mariano Cano
6a7b564ef9 Unify indent type.
This change changes the indentation used by `step ca init` to be
consistent with Config.Save used by `step ca provisioner *`.
2020-10-13 18:53:45 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use.
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
3e0ab8fba7 Fix typo. 2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d Add comment about the missing error check. 2020-10-05 17:39:44 -07:00
Mariano Cano
8381e9bd17 Fix typos. 2020-10-05 17:20:22 -07:00
Carl Tashian
329f401e58
Update cas.md
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Carl Tashian
c963883d60
Merge pull request #377 from smallstep/gh-discussions
Change Gitter links to GH Discussions tab
2020-09-28 14:10:12 -07:00
Mariano Cano
7d779e12db Change service account name. 2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302 Update CloudCAS instructions. 2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b Fix iam permissions. 2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43 Add initial docs for CAS. 2020-09-22 13:32:48 -07:00
Mariano Cano
072adc906e Print root fingerprint for CloudCAS. 2020-09-22 13:23:48 -07:00
Mariano Cano
8e6d7accf8 Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00