Add instanceAge and projectIds docs.

Mariano Cano 2019-06-05 10:50:08 -07:00
parent 536ec36b9e
commit a36972d840


@ -177,6 +177,7 @@ In the ca.json, an AWS provisioner looks like:
"accounts": ["1234567890"], "accounts": ["1234567890"],
"disableCustomSANs": false, "disableCustomSANs": false,
"disableTrustOnFirstUse": false, "disableTrustOnFirstUse": false,
"instanceAge": "1h",
"claims": { "claims": {
"maxTLSCertDuration": "2160h", "maxTLSCertDuration": "2160h",
"defaultTLSCertDuration": "2160h" "defaultTLSCertDuration": "2160h"
@ -201,6 +202,9 @@ In the ca.json, an AWS provisioner looks like:
granted per instance, but if the option is set to true this limit is not set granted per instance, but if the option is set to true this limit is not set
and different tokens can be used to get different certificates. and different tokens can be used to get different certificates.
* `instanceAge` (optional): the maximum age of an instance to grant a
certificate. The instance age is a string using the duration format.
* `claims` (optional): overwrites the default claims set in the authority, see * `claims` (optional): overwrites the default claims set in the authority, see
the [JWK](#jwk) section for all the options. the [JWK](#jwk) section for all the options.
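Review bot: the new `instanceAge` bullet in the AWS section says only "a string using the duration format", which leaves out what an operator needs to set it safely. Suggest naming the format with a sample value (the JSON example above uses "1h"), stating which timestamp the age is measured from, and saying what happens when the option is omitted, since this setting decides which instances are still allowed to obtain a certificate.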
@ -217,8 +221,10 @@ In the ca.json, a GCP provisioner looks like:
"type": "GCP", "type": "GCP",
"name": "Google Cloud", "name": "Google Cloud",
"serviceAccounts": ["1234567890"], "serviceAccounts": ["1234567890"],
"projectIDs": ["project-id"],
"disableCustomSANs": false, "disableCustomSANs": false,
"disableTrustOnFirstUse": false, "disableTrustOnFirstUse": false,
"instanceAge": "1h",
"claims": { "claims": {
"maxTLSCertDuration": "2160h", "maxTLSCertDuration": "2160h",
"defaultTLSCertDuration": "2160h" "defaultTLSCertDuration": "2160h"
@ -235,6 +241,9 @@ In the ca.json, a GCP provisioner looks like:
allowed to use this provisioner. If none is specified, all service accounts allowed to use this provisioner. If none is specified, all service accounts
will be valid. will be valid.
* `projectIDs` (optional): the list of project identifiers that are allowed to
use this provisioner. If non is specified all project will be valid.
* `disableCustomSANs` (optional): by default custom SANs are valid, but if this * `disableCustomSANs` (optional): by default custom SANs are valid, but if this
option is set to true only the SANs available in the instance identity option is set to true only the SANs available in the instance identity
document will be valid, these are the DNS document will be valid, these are the DNS
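Review bot: the `projectIDs` bullet has two typos, "If non is specified all project will be valid" should read "If none is specified, all projects will be valid", matching the wording of the `serviceAccounts` bullet just above it. It would also help to state how the two lists combine when both are set (the sample configures both `serviceAccounts` and `projectIDs`): must a token match both, or is either sufficient? The open default ("all projects will be valid") deserves a clear statement because it widens who can use the provisioner.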
@ -245,6 +254,9 @@ In the ca.json, a GCP provisioner looks like:
granted per instance, but if the option is set to true this limit is not set granted per instance, but if the option is set to true this limit is not set
and different tokens can be used to get different certificates. and different tokens can be used to get different certificates.
* `instanceAge` (optional): the maximum age of an instance to grant a
certificate. The instance age is a string using the duration format.
* `claims` (optional): overwrites the default claims set in the authority, see * `claims` (optional): overwrites the default claims set in the authority, see
the [JWK](#jwk) section for all the options. the [JWK](#jwk) section for all the options.
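Review bot: the `instanceAge` bullet in the GCP section does not say what "the duration format" is, where the instance's age is taken from, or what the behaviour is when the option is left out. Suggest adding a sample value such as the "1h" used in the GCP JSON example and one sentence on the default, so the two provisioner sections document the restriction completely.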