Anton Lundin
3e6137110b
Add support for using ssh-agent as a KMS
...
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.
This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKey's OpenPGP interface, but can be used for other
setups like proxying a ssh-agent over network.
That way the signing key for ssh certificates can be kept in a
"sign-only" HSM.
This code was written for my employer Intinor AB, but for simplicity's
sake gifted to me to contribute upstream.
Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Max
5a1e44a399
Merge pull request #411 from smallstep/docs-links
...
Update READMEs with links to new docs
2020-10-30 10:58:28 -07:00
Mariano Cano
c9c31e2033
Merge pull request #414 from smallstep/cli-utils
...
Use smallstep/cli-utils instead of smallstep/cli
2020-10-29 16:43:52 -07:00
Mariano Cano
b79701202b
Use cli-utils@v0.1.0
2020-10-29 15:07:14 -07:00
Mariano Cano
40d0596b71
Use smallstep/cli-utils instead of smallstep/cli
2020-10-29 13:10:03 -07:00
Mariano Cano
680898c0d4
Merge pull request #412 from smallstep/aws-certs
...
AWS Certificates
2020-10-29 10:11:04 -07:00
Mariano Cano
39b23c057d
Add all AWS certificates used to verify base64 signatures.
2020-10-28 17:47:44 -07:00
Carl Tashian
80beff6ce3
Update READMEs with links to new docs
2020-10-27 16:20:45 -07:00
Mariano Cano
fb18e5afc4
Merge pull request #407 from ndom91/patch-1
...
Update provisioners.md
2020-10-25 12:07:04 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
...
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
max furman
81a0df9e45
go mod tidy
2020-10-21 20:42:23 -07:00
max furman
bf45e6ff16
Bump cli to v0.15.3
2020-10-21 16:40:06 -07:00
max furman
03c1eaa8a5
update year on debian copyright
2020-10-20 22:45:00 -07:00
max furman
3f4d041082
bump cli to master
2020-10-20 22:38:59 -07:00
Max
711aafc1d5
Merge pull request #403 from smallstep/max/acme-lock
...
[acme] Use lock for ordersByAccID and type to house methods
2020-10-20 22:35:11 -07:00
Mariano Cano
426f846974
Merge pull request #402 from smallstep/ra-init
...
Add support for CloudCAS on step ca init
2020-10-20 18:00:23 -07:00
max furman
4c48048615
Use sync.Mutex as value
2020-10-20 17:56:15 -07:00
max furman
272cce522e
Fix test and change method name
2020-10-20 17:18:20 -07:00
max furman
f34fb80eb6
[acme] Use lock for ordersByAccID and type to house methods
2020-10-20 16:25:16 -07:00
Mariano Cano
341dc1c3ea
Remove merge data.
2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92
Merge branch 'master' into ra-init
2020-10-19 18:53:55 -07:00
Mariano Cano
2654231c49
Update option property.
2020-10-19 18:47:36 -07:00
Mariano Cano
9f21813dd6
Rename option.
2020-10-19 18:44:27 -07:00
Mariano Cano
2ec0c24e98
Update docs for RA.
2020-10-19 18:43:11 -07:00
Mariano Cano
d46990d4c4
Add support for step ca init with a RA.
2020-10-19 18:42:03 -07:00
Mariano Cano
ef92a3a6d7
Move cas options under authority.
2020-10-19 18:08:51 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS
2020-10-19 11:30:00 -07:00
Mariano Cano
6838233416
Merge pull request #395 from smallstep/aws-identity-cert
...
Add option to specify the AWS IID certificates to use.
2020-10-15 17:14:20 -07:00
Mariano Cano
6a7b564ef9
Unify indent type.
...
This change changes the indentation used by `step ca init` to be
consistent with Config.Save used by `step ca provisioner *`.
2020-10-13 18:53:45 -07:00
Mariano Cano
7d1686dc53
Add option to specify the AWS IID certificates to use.
...
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.
Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
...
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Mariano Cano
3e0ab8fba7
Fix typo.
2020-10-05 18:00:50 -07:00
Mariano Cano
d64427487d
Add comment about the missing error check.
2020-10-05 17:39:44 -07:00
Mariano Cano
8381e9bd17
Fix typos.
2020-10-05 17:20:22 -07:00
Carl Tashian
329f401e58
Update cas.md
...
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
...
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Carl Tashian
c963883d60
Merge pull request #377 from smallstep/gh-discussions
...
Change Gitter links to GH Discussions tab
2020-09-28 14:10:12 -07:00
Mariano Cano
7d779e12db
Change service account name.
2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302
Update CloudCAS instructions.
2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b
Fix iam permissions.
2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61
Change Gitter links to GH Discussions tab
2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43
Add initial docs for CAS.
2020-09-22 13:32:48 -07:00
Mariano Cano
072adc906e
Print root fingerprint for CloudCAS.
2020-09-22 13:23:48 -07:00
Mariano Cano
8e6d7accf8
Do not add the CRL distribution points extension.
...
This extension is added by CloudCAS.
2020-09-21 17:09:46 -07:00
Mariano Cano
38fa780775
Add interface to get root certificate from CAS.
...
This change makes the configuration of cloudCAS easier as it does
not require configuring the root or intermediate certificate
in the ca.json. CloudCAS will get the root certificate using
the configured certificateAuthority.
2020-09-21 15:27:20 -07:00
Mariano Cano
fa099f2ae2
Change method name.
2020-09-21 15:11:25 -07:00
Mariano Cano
d0086fe9ba
Merge pull request #375 from smallstep/admin-templates
...
Use new admin template for K8ssa and admin-OIDC provisioners.
2020-09-21 13:58:09 -07:00
Mariano Cano
4c8bf87dc1
Use new admin template for K8ssa and admin-OIDC provisioners.
...
This change replaces the .Insecure.CR template with one that sets
all the SANs, but uses key usages and extended key usages for
regular TLS certificates.
2020-09-21 12:49:16 -07:00
Mariano Cano
309d9ddcc4
Merge pull request #374 from smallstep/missing-token-ids
...
Create a hash of a token if a token id is empty.
2020-09-21 10:02:58 -07:00
Mariano Cano
d79b4e709e
Create a hash of a token if a token id is empty.
2020-09-18 16:25:08 -07:00