mirror of
https://github.com/smallstep/certificates.git
synced 2024-10-31 03:20:16 +00:00
Add option to not store certificates in the pkcs11 module.
This commit is contained in:
parent
50e9018a44
commit
162c535705
@ -42,6 +42,7 @@ type Config struct {
|
||||
RootFile string
|
||||
KeyFile string
|
||||
Pin string
|
||||
NoCerts bool
|
||||
EnableSSH bool
|
||||
Force bool
|
||||
}
|
||||
@ -105,6 +106,7 @@ func main() {
|
||||
flag.StringVar(&c.RootFile, "root", "", "Path to the root certificate to use.")
|
||||
flag.StringVar(&c.KeyFile, "key", "", "Path to the root key to use.")
|
||||
flag.BoolVar(&c.EnableSSH, "ssh", false, "Enable the creation of ssh keys.")
|
||||
flag.BoolVar(&c.NoCerts, "no-certs", false, "Do not store certificates in the module.")
|
||||
flag.BoolVar(&c.Force, "force", false, "Force the delete of previous keys.")
|
||||
flag.Usage = usage
|
||||
flag.Parse()
|
||||
@ -145,7 +147,7 @@ func main() {
|
||||
}
|
||||
if !c.Force {
|
||||
for _, u := range certUris {
|
||||
if u != "" {
|
||||
if u != "" && !c.NoCerts {
|
||||
checkObject(k, u)
|
||||
}
|
||||
}
|
||||
@ -161,7 +163,7 @@ func main() {
|
||||
})
|
||||
if ok {
|
||||
for _, u := range certUris {
|
||||
if u != "" {
|
||||
if u != "" && !c.NoCerts {
|
||||
if err := deleter.DeleteCertificate(u); err != nil {
|
||||
fatal(err)
|
||||
}
|
||||
@ -285,7 +287,7 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||
return errors.Wrap(err, "error parsing root certificate")
|
||||
}
|
||||
|
||||
if cm, ok := k.(kms.CertificateManager); ok {
|
||||
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
|
||||
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
||||
Name: c.RootObject,
|
||||
Certificate: root,
|
||||
@ -362,7 +364,7 @@ func createPKI(k kms.KeyManager, c Config) error {
|
||||
return errors.Wrap(err, "error parsing intermediate certificate")
|
||||
}
|
||||
|
||||
if cm, ok := k.(kms.CertificateManager); ok {
|
||||
if cm, ok := k.(kms.CertificateManager); ok && !c.NoCerts {
|
||||
if err = cm.StoreCertificate(&apiv1.StoreCertificateRequest{
|
||||
Name: c.CrtObject,
|
||||
Certificate: intermediate,
|
||||
|
Loading…
Reference in New Issue
Block a user