smallstep-certificates/pki/testdata/helm/with-admin.yml

# Helm template
inject:
  enabled: true
  # Config contains the configuration files ca.json and defaults.json
  config:
    files:
      ca.json:
        root: /home/step/certs/root_ca.crt
        federateRoots: []
        crt: /home/step/certs/intermediate_ca.crt
        key: /home/step/secrets/intermediate_ca_key
        address: 127.0.0.1:9000
        dnsNames:
          - 127.0.0.1
        logger:
          format: json
        db:
          type: badgerv2
          dataSource: /home/step/db
        authority:
          enableAdmin: true
          provisioners:
        tls:
          cipherSuites:
            - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
            - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          minVersion: 1.2
          maxVersion: 1.3
          renegotiation: false

      defaults.json:
        ca-url: https://127.0.0.1
        ca-config: /home/step/config/ca.json
        fingerprint: 
        root: /home/step/certs/root_ca.crt

  # Certificates contains the root and intermediate certificate and 
  # optionally the SSH host and user public keys
  certificates:
    # intermediate_ca contains the text of the intermediate CA Certificate
    intermediate_ca: |
      
      
    # root_ca contains the text of the root CA Certificate
    root_ca: |
      

  # Secrets contains the root and intermediate keys and optionally the SSH
  # private keys
  secrets:
    # ca_password contains the password used to encrypt x509.intermediate_ca_key, ssh.host_ca_key and ssh.user_ca_key
    # This value must be base64 encoded.
    ca_password: 
    provisioner_password: 

    x509:
      # intermediate_ca_key contains the contents of your encrypted intermediate CA key
      intermediate_ca_key: |
        

      # root_ca_key contains the contents of your encrypted root CA key
      # Note that this value can be omitted without impacting the functionality of step-certificates
      # If supplied, this should be encrypted using a unique password that is not used for encrypting
      # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.
      root_ca_key: |
Add tests for writing the Helm template 2022-10-11 15:18:19 +00:00			`# Helm template`
			`inject:`
			`enabled: true`
			`# Config contains the configuration files ca.json and defaults.json`
			`config:`
			`files:`
			`ca.json:`
			`root: /home/step/certs/root_ca.crt`
			`federateRoots: []`
			`crt: /home/step/certs/intermediate_ca.crt`
			`key: /home/step/secrets/intermediate_ca_key`
			`address: 127.0.0.1:9000`
			`dnsNames:`
			`- 127.0.0.1`
			`logger:`
			`format: json`
			`db:`
			`type: badgerv2`
			`dataSource: /home/step/db`
			`authority:`
			`enableAdmin: true`
			`provisioners:`
			`tls:`
			`cipherSuites:`
			`- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`
			`- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
			`minVersion: 1.2`
			`maxVersion: 1.3`
			`renegotiation: false`

			`defaults.json:`
			`ca-url: https://127.0.0.1`
			`ca-config: /home/step/config/ca.json`
			`fingerprint:`
			`root: /home/step/certs/root_ca.crt`

			`# Certificates contains the root and intermediate certificate and`
			`# optionally the SSH host and user public keys`
			`certificates:`
			`# intermediate_ca contains the text of the intermediate CA Certificate`
			`intermediate_ca: \|`


			`# root_ca contains the text of the root CA Certificate`
			`root_ca: \|`


			`# Secrets contains the root and intermediate keys and optionally the SSH`
			`# private keys`
			`secrets:`
			`# ca_password contains the password used to encrypt x509.intermediate_ca_key, ssh.host_ca_key and ssh.user_ca_key`
			`# This value must be base64 encoded.`
			`ca_password:`
			`provisioner_password:`

			`x509:`
			`# intermediate_ca_key contains the contents of your encrypted intermediate CA key`
			`intermediate_ca_key: \|`


			`# root_ca_key contains the contents of your encrypted root CA key`
			`# Note that this value can be omitted without impacting the functionality of step-certificates`
			`# If supplied, this should be encrypted using a unique password that is not used for encrypting`
			`# the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key.`
			`root_ca_key: \|`