Commit Graph

44 Commits

Author SHA1 Message Date
Mariano Cano
725a913f66
Allow custom SCEP key manager
This commit allows to inject a custom key manger for SCEP.
2024-04-09 18:44:29 -07:00
Mariano Cano
ac773ff44e
Merge branch 'master' into allow_external_x509_ca_service_intf 2024-02-14 11:38:39 -08:00
Panagiotis Siatras
dd1ff9c15b
Implementation of the Prometheus endpoint (#1669)
Implementation of the http://{metricsAddress}/metrics Prometheus endpoint.
2024-01-25 23:47:27 -08:00
Venky Gopal
fbc1e895c2 Allow x509 Service CA implementation to be injected through ca and authority options 2024-01-21 08:50:09 -05:00
Herman Slatman
c0fbace882
Address review remarks 2023-09-26 00:00:08 +02:00
Herman Slatman
4dc5a688fd
Set SCEP authority options once 2023-09-25 22:24:13 +02:00
Herman Slatman
f1da256ca4
Change SCEP authority initialization 2023-09-25 21:55:19 +02:00
Herman Slatman
c9ee4a9f9d
Disable initialization log output if started with --quiet 2022-10-11 12:19:48 +02:00
Andrew Reed
7101fbb0ee
Provisioner webhooks (#1001) 2022-09-29 19:16:26 -05:00
Mariano Cano
0bedd22850 Fix typos in WithX509IntermediateCerts comment 2022-09-23 10:55:20 -07:00
Mariano Cano
0214e015a0 Clarify comments by code review 2022-09-22 11:07:22 -07:00
Mariano Cano
23045e1812 Clarify comments by code review 2022-09-22 11:05:06 -07:00
Mariano Cano
debe565e42 Validate constraints on Sign and Renew/Rekey
Fixes #1060
2022-09-20 18:52:47 -07:00
Mariano Cano
369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2022-08-08 17:58:18 -07:00
max furman
5443aa073a gofmt -s 2022-05-19 22:46:25 -07:00
Max
586e4fd3b5
Update authority/options.go
Co-authored-by: Mariano Cano <mariano@smallstep.com>
2022-05-19 22:26:20 -07:00
max furman
bfb406bf70 Fixes for PR review 2022-05-18 09:43:32 -07:00
max furman
25b8d196d8 Couple changes in response to PR
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
2022-05-11 17:04:43 -07:00
Mariano Cano
955d4cf80d Add authority.WithX509SignerFunc
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
2022-03-28 17:54:35 -07:00
Mariano Cano
79349b4d7c Add options to use custom renewal methods. 2022-03-10 13:01:08 -08:00
Mariano Cano
300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2022-02-02 14:36:58 -08:00
max furman
4afcdd55ff Update doc line on WithSSHGetHosts 2022-01-12 12:25:04 -08:00
max furman
933b40a02a Introduce gocritic linter and address warnings 2021-10-08 14:59:57 -04:00
Mariano Cano
6729c79253 Add support for setting individual password for ssh and tls keys
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
2021-09-16 11:55:41 -07:00
Mariano Cano
8fb5340dc9 Use a token at start time to configure linkedca.
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
2021-07-19 19:28:06 -07:00
max furman
9fdef64709 Admin level API for provisioner mgmt v1 2021-07-02 19:05:17 -07:00
max furman
9bf9bf142d wip 2021-05-20 13:01:58 -07:00
max furman
7b5d6968a5 first commit 2021-05-19 15:20:16 -07:00
Miclain Keffeler
7545b4a625 leverage intermediate_ca.crt for appending certs. 2020-12-23 22:41:10 -06:00
Mariano Cano
60515d92c5 Remove unnecessary properties. 2020-09-16 13:31:26 -07:00
Mariano Cano
e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 2020-08-10 11:26:51 -07:00
Mariano Cano
824374bde0 Create a method to initialize the authority without a config file.
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
2020-05-04 18:52:18 -07:00
Mariano Cano
c49a9d5e33 Add context parameter to all SSH methods. 2020-03-10 19:01:45 -07:00
Mariano Cano
2d4f369db2 Add options to set root and federated certificates using x509.Certificate 2020-02-12 15:36:24 -08:00
Mariano Cano
9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 2020-01-14 18:38:29 -08:00
Mariano Cano
e98d7832b9 Add options to read the roots and federated roots from a bundle. 2020-01-10 18:33:48 -08:00
Mariano Cano
c62526b39f Add wip support for kms. 2020-01-09 18:42:26 -08:00
max furman
1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 2019-12-11 14:54:29 -08:00
max furman
927784237d Use an actual Hosts type when returning ssh hosts 2019-11-20 17:23:51 -08:00
max furman
35912cc906 change func def for getSSHHosts
* continue to return all hosts if injection method not specified
2019-11-20 12:59:48 -08:00
max furman
c407a9319b Add getSSHHosts injection func 2019-11-20 11:32:27 -08:00
max furman
6ca1df5081 Add WithGetIdentityFunc option and attr to authority
* Add Identity type to provisioner
2019-11-14 20:38:39 -08:00
Mariano Cano
86a0558587 Add support for /ssh/bastion method. 2019-11-14 18:24:58 -08:00
Mariano Cano
43b663e0c3 Move Option type to a new file. 2019-11-14 15:29:04 -08:00