Commit graph

2200 commits

Author SHA1 Message Date
Herman Slatman
f34d68897a
Refactor retrieval of provisioner into middleware 2021-10-08 14:29:44 +02:00
Herman Slatman
0afea2e957
Improve tests for already bound EAB keys 2021-10-08 13:19:35 +02:00
Herman Slatman
9d4cafc4bd
Merge branch 'master' into hs/acme-eab 2021-10-08 10:33:09 +02:00
Mariano Cano
9cb1f213d8
Merge pull request #719 from smallstep/ui-windows
Initialize windows terminal on all binaries.
2021-10-07 12:48:57 -07:00
Mariano Cano
205148ad1f Fix exit after defer. 2021-10-07 12:43:24 -07:00
Mariano Cano
48549bf317 Initialize windows terminal on all binaries. 2021-10-07 11:09:32 -07:00
Mariano Cano
896fd5efae
Merge pull request #715 from smallstep/template-vars
Fix ssh template variables when CA is injected using options.
2021-09-29 10:43:20 -07:00
Mariano Cano
9fb6df3abb Fix ssh template variables when CA is injected using options. 2021-09-28 18:50:45 -07:00
max furman
afe1980d13 changelog update for 0.17.4 2021-09-28 16:15:23 -07:00
Mariano Cano
4a899fbafc
Merge pull request #714 from smallstep/host-or-user-only-ssh-ca
SSH host or SSH user only CA
2021-09-28 16:11:23 -07:00
Mariano Cano
42e2635848 Add entry in changelog. 2021-09-28 15:59:48 -07:00
Mariano Cano
aedd7fcc05 Be able to start a SSH host or SSH user only CA
In previous versions if the host or user CA is not configured, the
start of step-ca was crashing. This allows to configure a user or
host only ssh ca.
2021-09-28 15:07:09 -07:00
Max
3f44dae26a
Merge pull request #713 from smallstep/max/release
[action] update release URLs in header
2021-09-27 16:41:29 -07:00
max furman
6aaa7853b2 [action] update release URLs in header 2021-09-27 16:24:01 -07:00
max furman
ba17869deb changelog update for 0.17.3 2021-09-24 14:24:28 -07:00
Mariano Cano
28bd2ef6c1
Merge pull request #711 from smallstep/oidc-admin-group
Check for admins in both emails and groups.
2021-09-24 13:56:13 -07:00
Mariano Cano
963eaf8882 Fix line in changelog 2021-09-24 13:50:47 -07:00
Mariano Cano
9eb757797e Add line to changelog. 2021-09-24 13:50:10 -07:00
Mariano Cano
a50654b468 Check for admins in both emails and groups. 2021-09-23 15:49:28 -07:00
Mariano Cano
7f00cc7aad Clarify changelog feature. 2021-09-22 17:41:12 -07:00
Mariano Cano
2ae6b42cfe Add missing feature to the changelog. 2021-09-22 16:39:23 -07:00
Mariano Cano
2cf4127310
Merge pull request #710 from smallstep/upgrade-go-jose
Upgrade go-jose.v2
2021-09-22 15:22:53 -07:00
Mariano Cano
ad82d8a250 Upgrade go.step.sm/crypto as long with go-jose.v2
There was a typo in the OKP template causing bad fingerprints for
Ed25519 keys.

See a10ff54e00

Fixes #705
2021-09-22 15:15:19 -07:00
max furman
2d5bfd3485 fix comment 2021-09-22 11:56:52 -07:00
Carl Tashian
04784be03e
Update cert-renewer@.service
Wrap command line env variables in braces so they are treated as a single argument (rather than split on whitespace)
2021-09-21 17:23:29 -07:00
Mariano Cano
845fa07064
Merge pull request #708 from smallstep/helm-fix
Use badgerv2 the default DB in helm
2021-09-17 12:59:04 -07:00
Mariano Cano
4fde7b5250 Use badgerv2 the default in helm too.
Use also port 443 for the ca-url, as we usually access through the
service, this can be overridden by --with-ca-url flag in the cli.
2021-09-17 12:49:16 -07:00
Herman Slatman
c2bc1351c6
Add provisioner to remove endpoint and clear reference index on delete 2021-09-17 17:48:09 +02:00
Herman Slatman
746c5c9fd9
Disallow creation of EAB keys with non-unique references 2021-09-17 17:25:19 +02:00
Herman Slatman
9c0020352b
Add lookup by reference and make reference optional 2021-09-17 17:08:02 +02:00
Herman Slatman
02cd3b6b3b
Fix PR comments 2021-09-16 23:09:24 +02:00
Mariano Cano
ebf1afa96e
Merge pull request #707 from smallstep/password-flags
Add support for setting individual password for ssh and tls keys
2021-09-16 13:50:03 -07:00
Mariano Cano
cfe08ad6fe Add flags to usage. 2021-09-16 12:05:23 -07:00
Mariano Cano
6729c79253 Add support for setting individual password for ssh and tls keys
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
2021-09-16 11:55:41 -07:00
Herman Slatman
66464ae302
Merge branch 'master' into hs/acme-eab 2021-09-16 18:20:39 +02:00
max furman
8df9f629b1 go mod tidy 2021-09-16 00:14:06 -07:00
Max
4daef5dd0b
Merge pull request #703 from hslatman/hs/update-pkcs7
Update go.mozilla.org/pkcs7
2021-09-16 00:12:34 -07:00
Herman Slatman
73d0a11a20
Update github.com/micromdm/scep/v2 2021-09-16 08:29:25 +02:00
Herman Slatman
611859eec4
Update go.mozilla.org/pkcs7
This includes the fix as described in https://github.com/mozilla-services/pkcs7/pull/59,
which was the reason a fork of the library was used.
2021-09-16 08:24:28 +02:00
Carl Tashian
e3acea9704 Add release page link to install docs 2021-09-15 10:30:04 -07:00
Max
23add69c9b
Merge pull request #702 from smallstep/max/release-header
[action] add official package links to github release header (via goreleaser)
2021-09-13 09:59:32 -07:00
max furman
6d644ddb2a [action] goreleaser pkg link cli -> certificates 2021-09-12 21:32:22 -07:00
max furman
fcf322023a [action] goreleaser github release footer fix missing close braces 2021-09-11 14:42:02 -07:00
max furman
494da3d668 [action] goreleaser header packages 2021-09-11 13:05:17 -07:00
max furman
2cce795d8f [action] reference correct pub key in cosign example release header 2021-09-09 16:53:47 -07:00
max furman
8a99f7e458 [action] add header and footer to github release page 2021-09-09 16:37:43 -07:00
Mariano Cano
ae42daf288
Merge pull request #700 from smallstep/cloudcas-signature-algorithm
Allow to kms signers to define the SignatureAlgorithm
2021-09-09 12:55:45 -07:00
Mariano Cano
e4e799ca85 Fix typos in comment. 2021-09-09 12:45:29 -07:00
Mariano Cano
6e0d515a55 Add entry to changelog. 2021-09-08 17:49:15 -07:00
Mariano Cano
6d644880bd Allow to kms signers to define the SignatureAlgorithm
CloudKMS keys signs data using an specific signature algorithm, in RSA keys,
this can be PKCS#1 RSA or RSA-PSS, if the later is used, x509.CreateCertificate
will fail unless the template SignatureCertificate is properly set.

On contrast, AWSKMS RSA keys, are just RSA keys, and can sign with PKCS#1 or
RSA-PSS schemes, so right now the way to enforce one or the other is to used
templates.
2021-09-08 17:48:50 -07:00