Commit graph

1090 commits

Author SHA1 Message Date
Mariano Cano
89e164dad6 Add AuthorityKeyId to cloudkms root cert. 2020-05-19 13:15:09 -07:00
Mariano Cano
97508ca215 Add AuthorityKeyId to root certificate.
Fix error string.
2020-05-19 13:05:55 -07:00
Mariano Cano
3e40cb89a7 Add some docs for YubiKey configuration. 2020-05-15 12:24:25 -07:00
Mariano Cano
d95c055163 piv-go requires libpcsclite-dev on linux. 2020-05-15 11:40:26 -07:00
Mariano Cano
03a6789f0e Fix compile errors without cgo support. 2020-05-15 11:33:22 -07:00
Mariano Cano
012a4734bf Add better messaging when yubikey is not detected. 2020-05-15 11:33:04 -07:00
Mariano Cano
7d61c0003c Enable softkms and cloudkms. 2020-05-15 11:32:12 -07:00
Mariano Cano
025c0aa20f Display the proper yubikey uri. 2020-05-11 19:42:21 -07:00
Mariano Cano
22b86c3fcc Only rewrite keys with --force. 2020-05-11 19:40:12 -07:00
Mariano Cano
63e36ecd7a Refactor the initialization of KeyManagers. 2020-05-11 18:47:22 -07:00
Mariano Cano
c02fe77998 Close the key manager before shutting down. 2020-05-07 18:59:30 -07:00
Mariano Cano
029483463b Remove extra +build statement. 2020-05-07 18:51:41 -07:00
Mariano Cano
ef2b13b163 Add step-yubikey-init as a target. 2020-05-07 18:40:36 -07:00
Mariano Cano
677e99793e Create alternative yubikey file when cgo is not enabled.
This yubikey will always fail.
2020-05-07 18:35:10 -07:00
Mariano Cano
6868190fff Add initial support for yubikey. 2020-05-07 18:22:09 -07:00
Mariano Cano
9f1d95d8bf Fix renew of certificate at the start of the server. 2020-05-07 18:21:11 -07:00
Mariano Cano
e855707dc2
Merge pull request #248 from smallstep/embedded-config-init
Initialize the required config fields on embedded authorities
2020-05-06 14:29:53 -07:00
Mariano Cano
4e544344f9 Initialize the required config fields on embedded authorities.
This change is to make easier the use of embedded authorities. It
can be difficult for third parties to know what fields are required.
The new init methods will define the minimum usable configuration.
2020-05-06 13:00:42 -07:00
Mariano Cano
9499aed6d1
Merge pull request #247 from smallstep/embedded-authority
Create a method to initialize the authority without a config file
2020-05-05 18:17:37 -07:00
Mariano Cano
b5eab009b2 Rename method to NewEmbedded 2020-05-05 17:46:22 -07:00
Mariano Cano
824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
2020-05-04 18:52:18 -07:00
max furman
ca0861bf17 Add documentation for running HA 2020-05-04 16:44:55 -07:00
max furman
083abf5150 Fix a bit of getting started doc syntax 2020-05-04 16:09:36 -07:00
max furman
8227449746 Add docs for ssh cert duration for authority config.
Fixes #238.
2020-05-01 14:48:14 -07:00
max furman
c1a84c1405 go mod tidy 2020-04-30 18:59:41 -07:00
max furman
1b6bf38b52 Bump cli to v0.14.3 2020-04-30 17:48:58 -07:00
max furman
d40c029582 Fix docs database link. 2020-04-28 10:42:05 -07:00
max furman
30e38dc501 Bumpt the version of cli for a certificates RC. 2020-04-28 09:34:10 -07:00
Mariano Cano
df3b9f637e Use a tagged version of nosql. 2020-04-27 18:13:54 -07:00
Mariano Cano
18869323f4
Merge pull request #234 from smallstep/oidc-multinenant
Add support for multi-tenant OIDC provisioners
2020-04-27 15:21:55 -07:00
Mariano Cano
4e9bff0986 Add support for OIDC multitoken tenants for azure. 2020-04-24 14:36:32 -07:00
Mariano Cano
c7907a4626
Merge pull request #233 from smallstep/oidc-add-user-cert
Add support for user provisioner certificates on OIDC provisioners.
2020-04-24 10:54:25 -07:00
Mariano Cano
8bc3b05232 Add new extra test case. 2020-04-24 10:27:44 -07:00
Mariano Cano
b0ff731d18 Add support for user provisioner certificates on OIDC provisioners.
OIDC provisioners create an SSH certificate with two principals. This
was avoiding the creationg of user provisioner certificates for those
provisioners.

Fixes smallstep/cli#268
2020-04-23 19:42:55 -07:00
Max
59a57d487b
Merge pull request #232 from wishdev/fingerprint
Add root fingerprint to pki if certificate given
2020-04-23 14:49:06 -07:00
John W Higgins
d1f78cf6d2 Add root fingerprint to pki if certificate given
If a root certificate is provided to init an authority the fingerprint
is not currently stored in the default.json file. This patch simply
stores the fingerprint of the supplied certificate.
2020-04-23 13:47:41 -07:00
Max
00998d053d
Merge pull request #231 from smallstep/badgerV1+V2
Simultaneous support for Badger V1+V2 and ...
2020-04-21 10:16:22 -07:00
max furman
95b931bb52 Increase linter timeout limit ...
* Breaking in Travis
2020-04-21 10:10:33 -07:00
max furman
1a34e64c65 Try old method of installing golang linter ...
* Method from docs is broken in travis.
2020-04-21 09:59:54 -07:00
max furman
a179a72342 Update installer location of golangci-lint. 2020-04-21 09:39:48 -07:00
max furman
3c0970c28a Bump golangci-lint to v1.24.0 2020-04-21 09:35:57 -07:00
max furman
3be95a82d0 Update version of nosql. 2020-04-21 09:27:42 -07:00
Mariano Cano
7861069018 Fix command in distribution.md. 2020-04-20 17:42:29 -07:00
max furman
d51f254ee4 ValueLogLoadingMode -> FileLoading Mode badger 2020-04-20 16:09:07 -07:00
Mariano Cano
2993ccf16d
Merge pull request #230 from smallstep/empty-common-names
Remove the requirement for CSR to have a common name
2020-04-20 15:53:14 -07:00
Mariano Cano
a2dfa6faa8 Fix unit tests. 2020-04-20 12:29:23 -07:00
max furman
0573c00bd3 Simultaneous support for Badger V1+V2 and ...
* valueLogLoadingMode config for low RAM badger environments
2020-04-20 11:46:47 -07:00
Mariano Cano
13507efb35 Remove the requirement for CSR to have a common name.
Fixes #226
2020-04-20 10:43:33 -07:00
Mariano Cano
bcc5a91d17
Merge pull request #227 from smallstep/disable-forward-agent
Do not enable by default ForwardAgent
2020-04-15 17:27:18 -07:00
Mariano Cano
02ed784a9b Do not enable by default ForwardAgent. 2020-04-15 11:17:24 -07:00