Commit Graph

26 Commits

Author SHA1 Message Date
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
Mariano Cano
9408d0f24b Send RA provisioner information to the CA 2022-08-02 19:28:49 -07:00
Mariano Cano
3aebe8d019 Add missing comma in comment. 2022-04-15 12:19:32 -07:00
Mariano Cano
37b521ec6c
Merge branch 'master' into feat/vault 2022-04-11 14:57:45 -07:00
Mariano Cano
abf5fc32a3 Format comment. 2022-03-29 14:26:17 -07:00
Mariano Cano
c480936ba4 Split comments. 2022-03-29 12:02:17 -07:00
Mariano Cano
955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2022-03-28 17:54:35 -07:00
Ahmet DEMIR
d957a57e24
fix: apply mariano suggestions and fixes
* use json.RawMessage to remote mapstructure in options
* use vault secretid structure to support multiple source aka string, file and env
* remove log prefix
* return raw cert on error on newline for cert and csr
* clean sans, commonName in createCertificate (bad copy/paste from StepCAS)
* verify authority fingerprint
* convert serial on revoke to bigint, bytes and vault dashed representation
2022-01-20 10:16:47 +01:00
Ahmet DEMIR
16390694e1
feat(vault): adding hashicorp vault cas 2022-01-14 18:56:17 +01:00
Ahmet DEMIR
26d7b70957
feat(cas): add generic Config parameter to allow more flexible configuration on CAS 2022-01-13 20:31:37 +01:00
Mariano Cano
de719eb6f0 Add an option to avoid password prompts on step cas
When we are using `step ca init` to create a stepcas RA we don't
have access to the password for verify the provisioner.
2021-08-04 16:16:35 -07:00
Mariano Cano
35e6cc275a Fix typos in comments. 2021-06-23 09:35:14 +02:00
Mariano Cano
ac3c754a6d Use known CA and add tier and gcs bucket options. 2021-06-08 17:43:52 -07:00
Mariano Cano
529eb4bae9 Rename CAPool to CaPool. 2021-06-07 19:20:23 -07:00
Mariano Cano
072bd0dcf4 Add support for Google CAS v1 2021-06-03 19:31:19 -07:00
Mariano Cano
d9f93ccfde Fix typo. 2021-03-24 12:06:29 -07:00
Mariano Cano
edc7c4d90e Add support for password encrypted files 2021-03-23 17:54:42 -07:00
Mariano Cano
a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
2021-03-17 19:33:35 -07:00
Miclain K Keffeler
7a1eb43bb1
Update options.go 2020-12-28 17:12:37 -06:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
2b4b902975 Add initial support for step ca init with cloud cas.
Fixes smallstep/cli#363
2020-11-03 12:44:28 -08:00
Mariano Cano
9f21813dd6 Rename option. 2020-10-19 18:44:27 -07:00
Mariano Cano
fa099f2ae2 Change method name. 2020-09-21 15:11:25 -07:00
Mariano Cano
aad8f9e582 Pass issuer and signer to softCAS options.
Remove commented code and initialize CAS properly.
Minor fixes in CloudCAS.
2020-09-10 19:09:46 -07:00
Mariano Cano
c8d9cb0a1d Complete cloudcas using CAS v1beta1. 2020-09-10 16:19:18 -07:00
Mariano Cano
1b1f73dec6 Early attempt to develop a CAS interface. 2020-09-08 19:26:32 -07:00