Commit graph

34 commits

Author SHA1 Message Date
Mariano Cano
8dca652bc7 Add support for PKCS #11 KMS.
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
2021-01-26 20:03:53 -08:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKey's openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity's
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Mariano Cano
40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 2020-10-29 13:10:03 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00
Mariano Cano
ddb4ca7a74 Move load of kms to main package.
With this change packages that import the authority won't load by
default all the supported kms with all its dependencies.

Fixes #228
2020-06-12 14:55:35 -07:00
Mariano Cano
869ef70211
Merge pull request #172 from 256dpi/master
Added Resolver Option
2020-02-12 12:42:08 -08:00
Sebastian Tiedtke
f2b95647f3 Use date range in copyright 2020-02-10 09:55:21 -08:00
Joël Gähwiler
445fcbe621 added resolver 2020-02-01 13:00:39 +02:00
Mariano Cano
4d423137f0 Re-enable profiler. 2020-01-28 13:29:39 -08:00
Mariano Cano
c60641701b Add version endpoint. 2020-01-28 13:28:16 -08:00
Alan Christopher Thomas
8f08b47a9c Rough wiring for basics of connecting to onboarding flow 2020-01-28 13:28:16 -08:00
Mariano Cano
5013f7ffe0 Move ca commands to its own package. 2019-09-12 12:51:07 -07:00
Mariano Cano
0efae31a29 Generate PKI and start server using onboarding. 2019-09-11 19:16:08 -07:00
Mariano Cano
bca5dcc326 Remove url from error message. 2019-09-11 17:36:48 -07:00
Mariano Cano
0c654d93ea Create method for onboard action and clean code. 2019-09-11 17:33:27 -07:00
Alan Christopher Thomas
c0d1399c38 Change onboarding bootstrap command to step-ca onboard
cc @sourishkrout @maraino
2019-09-11 14:54:54 -06:00
Alan Christopher Thomas
7c0622e50e Make note about adding "admin" JWT provisioner 2019-09-10 22:56:30 -06:00
Alan Christopher Thomas
21baa69473 Fix linting errors and remove useless code 2019-09-10 22:56:19 -06:00
Alan Christopher Thomas
15f2935db1 Rough wiring for basics of connecting to onboarding flow 2019-09-10 16:29:03 -06:00
Mariano Cano
10e7b81b9f Merge branch 'master' into ssh-ca 2019-09-05 23:06:01 +02:00
max furman
e3bd2d0e2b Custom AppHelpTemplate for step-ca 2019-08-29 15:58:07 -07:00
Mariano Cano
00ebee870b Do not show value on boolean flags help. 2019-08-01 13:13:50 -07:00
Mariano Cano
6592c4784b Fix flag parsing after the configuration file
Fixes #52
2019-03-18 12:38:19 -07:00
Sebastian Tiedtke
70f0a0e182 It's 2019 2019-01-14 15:12:07 -08:00
Mariano Cano
3f0a55418c Fix lint errors. 2018-11-26 18:28:07 -08:00
max furman
55d40a7f86 Change - overwrite help subcommand 2018-11-26 16:24:11 -05:00
max furman
054846d449 Fix version info CLI -> CA 2018-11-26 15:42:18 -05:00
max furman
86424b5b79 fix gofmt error 2018-11-26 15:36:33 -05:00
max furman
95d4d9c4c1 update the help and usage information 2018-11-26 15:34:35 -05:00
Mariano Cano
e0877a03f2 Add version flag to step-ca. 2018-11-08 11:45:19 -08:00
max furman
c74fcd57a7 ca-component -> certificates
* fix redundant error check
* add README
2018-10-31 21:36:01 -07:00
max furman
c284a2c0ab first commit 2018-10-05 21:48:36 +00:00