Commit graph

1480 commits

Author SHA1 Message Date
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKey's openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity's
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Max
5a1e44a399
Merge pull request #411 from smallstep/docs-links
Update READMEs with links to new docs
2020-10-30 10:58:28 -07:00
Mariano Cano
c9c31e2033
Merge pull request #414 from smallstep/cli-utils
Use smallstep/cli-utils instead of smallstep/cli
2020-10-29 16:43:52 -07:00
Mariano Cano
b79701202b Use cli-utils@v0.1.0 2020-10-29 15:07:14 -07:00
Mariano Cano
40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 2020-10-29 13:10:03 -07:00
Mariano Cano
680898c0d4
Merge pull request #412 from smallstep/aws-certs
AWS Certificates
2020-10-29 10:11:04 -07:00
Mariano Cano
39b23c057d Add all AWS certificates used to verify base64 signatures. 2020-10-28 17:47:44 -07:00
Carl Tashian
80beff6ce3 Update READMEs with links to new docs 2020-10-27 16:20:45 -07:00
Mariano Cano
fb18e5afc4
Merge pull request #407 from ndom91/patch-1
Update provisioners.md
2020-10-25 12:07:04 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
max furman
81a0df9e45 go mod tidy 2020-10-21 20:42:23 -07:00
max furman
bf45e6ff16 Bump cli to v0.15.3 2020-10-21 16:40:06 -07:00
max furman
03c1eaa8a5 update year on debian copyright 2020-10-20 22:45:00 -07:00
max furman
3f4d041082 bump cli to master 2020-10-20 22:38:59 -07:00
Max
711aafc1d5
Merge pull request #403 from smallstep/max/acme-lock
[acme] Use lock for ordersByAccID and type to house methods
2020-10-20 22:35:11 -07:00
Mariano Cano
426f846974
Merge pull request #402 from smallstep/ra-init
Add support for CloudCAS on step ca init
2020-10-20 18:00:23 -07:00
max furman
4c48048615 Use sync.Mutex as value 2020-10-20 17:56:15 -07:00
max furman
272cce522e Fix test and change method name 2020-10-20 17:18:20 -07:00
max furman
f34fb80eb6 [acme] Use lock for ordersByAccID and type to house methods 2020-10-20 16:25:16 -07:00
Mariano Cano
341dc1c3ea Remove merge data. 2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92 Merge branch 'master' into ra-init 2020-10-19 18:53:55 -07:00
Mariano Cano
2654231c49 Update option property. 2020-10-19 18:47:36 -07:00
Mariano Cano
9f21813dd6 Rename option. 2020-10-19 18:44:27 -07:00
Mariano Cano
2ec0c24e98 Update docs for RA. 2020-10-19 18:43:11 -07:00
Mariano Cano
d46990d4c4 Add support for step ca init with a RA. 2020-10-19 18:42:03 -07:00
Mariano Cano
ef92a3a6d7 Move cas options under authority. 2020-10-19 18:08:51 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS 2020-10-19 11:30:00 -07:00
Mariano Cano
6838233416
Merge pull request #395 from smallstep/aws-identity-cert
Add option to specify the AWS IID certificates to use.
2020-10-15 17:14:20 -07:00
Mariano Cano
6a7b564ef9 Unify indent type.
This change changes the indentation used by `step ca init` to be
consistent with Config.Save used by `step ca provisioner *`.
2020-10-13 18:53:45 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use.
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
3e0ab8fba7 Fix typo. 2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d Add comment about the missing error check. 2020-10-05 17:39:44 -07:00
Mariano Cano
8381e9bd17 Fix typos. 2020-10-05 17:20:22 -07:00
Carl Tashian
329f401e58
Update cas.md
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Carl Tashian
c963883d60
Merge pull request #377 from smallstep/gh-discussions
Change Gitter links to GH Discussions tab
2020-09-28 14:10:12 -07:00
Mariano Cano
7d779e12db Change service account name. 2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302 Update CloudCAS instructions. 2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b Fix iam permissions. 2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43 Add initial docs for CAS. 2020-09-22 13:32:48 -07:00
Mariano Cano
072adc906e Print root fingerprint for CloudCAS. 2020-09-22 13:23:48 -07:00
Mariano Cano
8e6d7accf8 Do not add the CRL distribution points extension.
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775 Add interface to get root certificate from CAS.
This change makes the configuration of cloudCAS easier as it does
not require configuring the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2 Change method name. 2020-09-21 15:11:25 -07:00
Mariano Cano
d0086fe9ba
Merge pull request #375 from smallstep/admin-templates
Use new admin template for K8ssa and admin-OIDC provisioners.
2020-09-21 13:58:09 -07:00
Mariano Cano
4c8bf87dc1 Use new admin template for K8ssa and admin-OIDC provisioners.
This change replaces the .Insecure.CR template with one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e Create a hash of a token if a token id is empty. 2020-09-18 16:25:08 -07:00