Commit Graph

47 Commits

Author SHA1 Message Date
Carl Tashian
38140c5765
Update Dockerfile.hsm to use Debian bookworm 2023-12-04 18:10:39 -08:00
Carl Tashian
73cb04318a
Trying a different approach 2023-06-21 14:44:16 -07:00
francescocapuano
7f54153a1b Add DOCKER_STEPCA_INIT_PASSWORD_FILE variable for docker secrets
Add the management of the DOCKER_STEPCA_INIT_PASSWORD_FILE variable.  over DOCKER_STEPCA_INIT_PASSWORD.
If both are used only DOCKER_STEPCA_INIT_PASSWORD_FILE will be used.
2023-05-10 14:11:41 +02:00
Carl Tashian
df2909e712
Further docker simplifications 2023-03-21 15:01:02 -07:00
Carl Tashian
25e35aa0ad
Small dockerfile refactor 2023-03-21 14:58:03 -07:00
Carl Tashian
b92f37a61d
Use cloud tag on step-kms-plugin 2023-03-21 09:59:16 -07:00
Carl Tashian
4378300c80
Update cache before installing packages 2023-03-06 09:40:50 -08:00
Carl Tashian
79b3924322
Fix docker tags 2023-03-06 09:25:43 -08:00
Carl Tashian
12d8ca526a
Update Dockerfile.hsm to use debian:bullseye base image 2023-03-02 15:42:09 -05:00
Michel Jung
ebe7e5d019
Add DOCKER_STEPCA_INIT_ADDRESS
This allows configuring "--address" instead of using hard-coded :9000
2023-02-08 22:22:45 +01:00
Mariano Cano
3b1be62663
Add step-kms-plugin to docker images and build a CGO based one 2023-01-26 16:52:19 -08:00
Mariano Cano
39f46d31b9
Remove deprecated binaries
This commit removes the following deprecated binaries:

 - step-awskms-init
 - step-cloudkms-init
 - step-pkcs11-init
 - step-yubikey-init

From now on step and step-kms-plugin should be used to initialize the
PKI in AWS KMS, GCP KMS, PKCS#11 modules or YubiKeys.

A future commit will add step-kms-plugin to the docker images of
step-ca.

Fixes #1046
2023-01-23 16:30:55 -08:00
Carl Tashian
2ab9483952
Only pass --admin-subject if --remote-management is true; fix overall boolean handling 2023-01-11 11:19:39 -08:00
Carl Tashian
dc8b196823
Print admin username and pw after init 2023-01-10 09:57:47 -08:00
Carl Tashian
328276eaeb
Shred provisioner password 2023-01-09 18:01:14 -08:00
Carl Tashian
ad5cbd9a0e
Print and delete provisioner password on setup 2023-01-09 17:59:33 -08:00
Carl Tashian
a017238874
No need for PROVISIONER_PWDPATH 2023-01-09 17:23:47 -08:00
Carl Tashian
313bf2354b
Check for existance of pwdpath before copying 2023-01-09 17:08:24 -08:00
Carl Tashian
640bd0b7c7
Tabs to spaces 2023-01-09 16:51:36 -08:00
Carl Tashian
c836c7ab40
Backward compatibility 2023-01-09 16:48:31 -08:00
Carl Tashian
8242895909
Update hsm dockerfile as well 2023-01-09 16:39:34 -08:00
Carl Tashian
844cfd3bad
Generate and use independent provisioner and private key passwords 2023-01-09 16:36:00 -08:00
Herman Slatman
4e3a6e67f1
Add env vars for enabling Remote Management and ACME provisioner.
A `step-ca` instance created in a container can now be initialized
with Remote Management by setting `DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT`.
An ACME provisioner with default settings can be created at initialization
by setting `DOCKER_STEPCA_INIT_ACME`.
2022-12-07 22:00:39 -07:00
Mariano Cano
18555a3cb2
Split build and download in Dockerfiles
On systems with low resources the command `go mod download` can fail.
This causes long builds of the docker images. This change adds a new
layer in the docker build splitting the build and download in two
steps.

Fixes #1114
2022-10-19 17:57:50 -07:00
Jakob Schlyter
c1425422dd include support for GCP and AWS KMS by default 2022-04-25 14:25:31 +02:00
Jakob Schlyter
df8eca2c19 space 2022-04-25 14:14:23 +02:00
Jakob Schlyter
66ba6048a4 start pcscd if installed 2022-04-24 11:08:51 +02:00
Jakob Schlyter
6ee48ca631 add pcsc-lite 2022-04-24 10:59:26 +02:00
Jakob Schlyter
221ced5c51 add Dockerfile for building with HSM support 2022-04-23 10:49:33 +02:00
Carl Tashian
f738cb43c3 Make the default provisioner name optional; change DNS names variable name 2021-08-18 13:37:58 -07:00
Carl Tashian
4e8e4c638e Add newline to password file for readabiliy 2021-08-18 12:50:14 -07:00
Carl Tashian
bc63829111 Auto-generate password by default 2021-08-18 11:11:05 -07:00
Carl Tashian
7ab26c8303 Auto-generate password by default 2021-08-18 11:09:26 -07:00
Carl Tashian
8d52379771 New Dockerfile with entrypoint script for easy CA init 2021-08-17 17:17:28 -07:00
Carl Tashian
3b31c6d2f5 Change HEALTHCHECK to use step ca health. Change shell CMD exec to skip redundant /bin/sh -c 2020-09-08 09:44:35 -07:00
Carl Tashian
6ffc438ed1 Update Dockerfile.step-ca to match best practices
- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)
2020-09-02 11:41:47 -07:00
Carl Tashian
9815a38a2c Fixes #344; also gets docker buildx working on both darwin & linux 2020-08-12 19:50:47 -07:00
Moritz Marquardt
da18defd94 Let step-ca bind to ports < 1024 2020-02-06 12:35:40 +00:00
max furman
2871d0b68b bump Docker to latest tag 2019-05-08 12:26:21 -07:00
Mariano Cano
c099795122 Revert use latest version as it does not yet exists. 2019-03-28 11:28:39 -07:00
Mariano Cano
ce54927dab Use latest tag. 2019-03-27 12:02:27 -07:00
Mariano Cano
f1dacc6b57 Remove deprecated script. 2019-03-27 11:04:51 -07:00
Mariano Cano
b5d67ab129 Remove exposed port, it depends on the configuration. 2019-03-27 11:02:33 -07:00
Mariano Cano
1579a87cc6 Remove unnecessary file. 2019-03-27 10:49:46 -07:00
Mariano Cano
2f661c0941 Update docker images and add docs on how to run step-ca on docker.
Fixes #48
2019-03-26 19:00:13 -07:00
max furman
8402b06119 bump step-cli container version in step-ca Dockerfile 2019-01-16 16:40:13 -08:00
max furman
f7154a9ba3 add Makefile build and deploy docker image for step-ca 2018-11-18 15:35:47 -08:00