forked from TrueCloudLab/certificates
3e6137110b
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys for issuing ssh certificates signed by a key managed by a ssh-agent. It uses the golang.org/x/crypto package to get a native Go implementation to talk to a ssh-agent. This was primarly written to be able to use gpg-agent to provide the keys stored in a YubiKeys openpgp interface, but can be used for other setups like proxying a ssh-agent over network. That way the signing key for ssh certificates can be kept in a "sign-only" hsm. This code was written for my employer Intinor AB, but for simplicity sake gifted to me to contribute upstream. Signed-off-by: Anton Lundin <glance@acc.umu.se> |
||
|---|---|---|
| .. | ||
| provisioner | ||
| testdata | ||
| authority.go | ||
| authority_test.go | ||
| authorize.go | ||
| authorize_test.go | ||
| config.go | ||
| config_test.go | ||
| options.go | ||
| provisioners.go | ||
| provisioners_test.go | ||
| root.go | ||
| root_test.go | ||
| ssh.go | ||
| ssh_test.go | ||
| tls.go | ||
| tls_options.go | ||
| tls_options_test.go | ||
| tls_test.go | ||
| types.go | ||
| types_test.go | ||
| version.go | ||