Commit Graph

90 Commits

Author SHA1 Message Date
max furman
19a3cd10a1 [docs] provisioners fix attr dupe and give warning about stale docs 2020-11-18 16:57:24 -08:00
Anton Lundin
3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKey's openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity's
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
2020-11-04 09:06:23 +01:00
Carl Tashian
80beff6ce3 Update READMEs with links to new docs 2020-10-27 16:20:45 -07:00
Nico Domino
8aae8a6153
Update provisioners.md
Swapped markdown URL / Text
2020-10-25 10:52:23 +01:00
Mariano Cano
341dc1c3ea Remove merge data. 2020-10-19 18:55:30 -07:00
Mariano Cano
6a818ebc92 Merge branch 'master' into ra-init 2020-10-19 18:53:55 -07:00
Mariano Cano
2ec0c24e98 Update docs for RA. 2020-10-19 18:43:11 -07:00
Mariano Cano
6049d42b5f
Change title to match with CAS 2020-10-19 11:30:00 -07:00
Mariano Cano
7d1686dc53 Add option to specify the AWS IID certificates to use.
This change adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
2020-10-13 17:51:24 -07:00
Mariano Cano
647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
2020-10-05 18:09:01 -07:00
Carl Tashian
329f401e58
Update cas.md
Needed to run two commands to set up IAM roles because passing `--role` twice only uses the second value passed.
2020-09-29 15:46:53 -07:00
Carl Tashian
3f55f22b2e
Update cas.md
Added `--location` flag to a couple of the commands
2020-09-29 15:24:15 -07:00
Mariano Cano
7d779e12db Change service account name. 2020-09-24 12:45:19 -07:00
Mariano Cano
52d857a302 Update CloudCAS instructions. 2020-09-24 12:43:25 -07:00
Mariano Cano
066c7ee10b Fix iam permissions. 2020-09-24 12:37:29 -07:00
Carl Tashian
fd07e25e61 Change Gitter links to GH Discussions tab 2020-09-23 16:36:37 -07:00
Mariano Cano
42ce78ed43 Add initial docs for CAS. 2020-09-22 13:32:48 -07:00
max furman
e8c5a3b320 Document concurrency limitations in ACME server
- in concurrency / HA section
2020-08-07 13:48:35 -07:00
Carl Tashian
c1e6c0285a
Merge pull request #325 from smallstep/readme-updates
README updates, round 2
2020-07-20 18:56:37 -05:00
Carl Tashian
ed89367fca Round 2 of README updates 2020-07-20 14:10:36 -07:00
Ilias Trichopoulos
7d5552f53e Fix service logs path 2020-07-14 08:48:43 +02:00
Ilias Trichopoulos
6d8b4a1b9a Fix service name 2020-07-14 08:48:18 +02:00
Ilias Trichopoulos
730639d2a3 Fix service user name
In `ExecStart` the user used is `smallstep` so the same user should be defined in `useradd`.
2020-07-14 08:48:18 +02:00
max furman
b5699892ad Add github response to frequently asked questions doc
- security risks of exposing the OAuth Client Secret in the output of
  `step ca provisioner list`
2020-07-08 15:18:30 -07:00
mkontani
feadaa6c56
docs: fix provisioner type
Signed-off-by: mkontani <itoama@live.jp>
2020-06-30 04:32:42 +09:00
max furman
84d9bf86f5 Add forceCN option in ACME provisioner doc 2020-06-26 10:42:13 -07:00
max furman
5752408618 Document the ACME, SSHPOP, X5C, and K8sSA provisioners.
- Fixes #266, #293, #294
2020-06-25 17:29:25 -07:00
max furman
c7a6385913 Add authz capabilities table to provisioners doc 2020-06-24 14:13:03 -07:00
max furman
54be8889cd Correct attribute names for SSH claims in provisioner docs 2020-06-16 10:58:58 -07:00
max furman
aaec9931f4 Add RHEL/Centos install docs and a section on systemctl config 2020-06-15 20:19:44 -07:00
max furman
c4f1eea5dc Correct badger file loading mode documentation. 2020-05-29 10:04:58 -07:00
max furman
d9a1fb7e5d Recommend badgerV2 in badger extra options documentation. 2020-05-28 15:00:55 -07:00
Mariano Cano
deac15327f Add docs for AWS KMS. 2020-05-20 12:30:32 -07:00
Mariano Cano
3e40cb89a7 Add some docs for YubiKey configuration. 2020-05-15 12:24:25 -07:00
max furman
ca0861bf17 Add documentation for running HA 2020-05-04 16:44:55 -07:00
max furman
083abf5150 Fix a bit of getting started doc syntax 2020-05-04 16:09:36 -07:00
max furman
8227449746 Add docs for ssh cert duration for authority config.
Fixes #238.
2020-05-01 14:48:14 -07:00
max furman
d40c029582 Fix docs database link. 2020-04-28 10:42:05 -07:00
max furman
0573c00bd3 Simultaneous support for Badger V1+V2 and ...
* valueLogLoadingMode config for low RAM badger environments
2020-04-20 11:46:47 -07:00
Carl Tashian
164e4ef2d0 Add Build From Source instructions 2020-03-09 13:24:02 -07:00
Carl Tashian
be4b853d3a Typo fix 2020-03-02 09:45:21 -08:00
Carl Tashian
681e15deeb Replace broken aws-cli commands with a Python script 2020-02-26 17:27:03 -08:00
Carl Tashian
76a077ba3e Add CFSSL instructions 2020-02-26 10:59:38 -08:00
Carl Tashian
a1debf7b1e FAQ Update: Intermediate certificates should be valid for 10 years 2020-02-26 10:17:32 -08:00
Carl Tashian
043233f90f Update FAQ: I already have PKI 2020-02-24 12:16:16 -08:00
Mariano Cano
32c2558b58 Replace project in output. 2020-02-21 10:55:42 -08:00
Mariano Cano
334d191563 Fix docs. 2020-02-21 10:53:22 -08:00
Mariano Cano
8604c31818 Fix in documentation. 2020-02-21 10:51:43 -08:00
Mariano Cano
55e661bd26 Add initial docs for cloud kms. 2020-02-18 19:07:42 -08:00
Joseph Voss
f53f4720ad Fix formatting around step certificate install link 2019-10-14 14:51:03 -07:00