Commit Graph

1649 Commits (9f0fce6df81c6e3ecb9b26f14af5da04e593a28c)
 

Author SHA1 Message Date
max furman 2799ef9626 [docs] provisioners fix attr dupe and give warning about stale docs 4 years ago
Anton Lundin 3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarly written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
4 years ago
Mariano Cano 98a5aa5916
Merge pull request #409 from smallstep/cloudcas-init
Add CreateCertificateAuthority
4 years ago
Mariano Cano 736a6fb64e Fix rebase. 4 years ago
Mariano Cano a97fab4119 Fix mispell. 4 years ago
Mariano Cano b057c6677a Use test/bufconn instead of a real listener. 4 years ago
Mariano Cano 4f9200cc47 Add missing docs. 4 years ago
Mariano Cano 41a46bbd75 Enable default cas implementation. 4 years ago
Mariano Cano 7020011842 Add some extra tests. 4 years ago
Mariano Cano 7aa8a8fe1e Complete tests for softCAS. 4 years ago
Mariano Cano bb4f2aef2f Fix lint error. 4 years ago
Mariano Cano b275758018 Complete CloudCAS tests.
Upgrade cloud.google.com/go
4 years ago
Mariano Cano 10c2ce3071 Add missing files, mocks created using mockgen. 4 years ago
Mariano Cano b2ae112dd2 Add initial tests for CreateCertificateAuthority. 4 years ago
Mariano Cano b68344ec36 Fix unexpected error. 4 years ago
Mariano Cano 9270d432ea Remove unused code. 4 years ago
Mariano Cano 1d48f00723 Add method to create a CertificateAuthorityResponse. 4 years ago
Mariano Cano dff00a0218 Add support for local signing or cloudCAS intermediates. 4 years ago
Mariano Cano 461735718d Update go.step.sm/crypto dependency. 4 years ago
Mariano Cano 2b4b902975 Add initial support for `step ca init` with cloud cas.
Fixes smallstep/cli#363
4 years ago
Max 5a1e44a399
Merge pull request #411 from smallstep/docs-links
Update READMEs with links to new docs
4 years ago
Mariano Cano c9c31e2033
Merge pull request #414 from smallstep/cli-utils
Use smallstep/cli-utils instead of smallstep/cli
4 years ago
Mariano Cano b79701202b Use cli-utils@v0.1.0 4 years ago
Mariano Cano 40d0596b71 Use smallstep/cli-utils instead of smallstep/cli 4 years ago
Mariano Cano 680898c0d4
Merge pull request #412 from smallstep/aws-certs
AWS Certificates
4 years ago
Mariano Cano 39b23c057d Add all AWS certificates used to verify base64 signatures. 4 years ago
Carl Tashian 80beff6ce3 Update READMEs with links to new docs 4 years ago
Mariano Cano fb18e5afc4
Merge pull request #407 from ndom91/patch-1
Update provisioners.md
4 years ago
Nico Domino 8aae8a6153
Update provisioners.md
Swapped markdown URL / Text
4 years ago
max furman 81a0df9e45 go mod tidy 4 years ago
max furman bf45e6ff16 Bump cli to v0.15.3 4 years ago
max furman 03c1eaa8a5 update year on debian copyright 4 years ago
max furman 3f4d041082 bump cli to master 4 years ago
Max 711aafc1d5
Merge pull request #403 from smallstep/max/acme-lock
[acme] Use lock for ordersByAccID and type to house methods
4 years ago
Mariano Cano 426f846974
Merge pull request #402 from smallstep/ra-init
Add support for CloudCAS on step ca init
4 years ago
max furman 4c48048615 Use sync.Mutex as value 4 years ago
max furman 272cce522e Fix test and change method name 4 years ago
max furman f34fb80eb6 [acme] Use lock for ordersByAccID and type to house methods 4 years ago
Mariano Cano 341dc1c3ea Remove merge data. 4 years ago
Mariano Cano 6a818ebc92 Merge branch 'master' into ra-init 4 years ago
Mariano Cano 2654231c49 Update option property. 4 years ago
Mariano Cano 9f21813dd6 Rename option. 4 years ago
Mariano Cano 2ec0c24e98 Update docs for RA. 4 years ago
Mariano Cano d46990d4c4 Add support for step ca init with a RA. 4 years ago
Mariano Cano ef92a3a6d7 Move cas options under authority. 4 years ago
Mariano Cano 6049d42b5f
Change title to match with CAS 4 years ago
Mariano Cano 6838233416
Merge pull request #395 from smallstep/aws-identity-cert
Add option to specify the AWS IID certificates to use.
4 years ago
Mariano Cano 6a7b564ef9 Unify indent type.
This change changes the indentation used by `step ca init` to be
consistent with Config.Save used by `step ca provisioner *`.
4 years ago
Mariano Cano 7d1686dc53 Add option to specify the AWS IID certificates to use.
This changes adds a new option `iidRoots` that allows a user to
define one or more certificates that will be used for AWS IID
signature validation.

Fixes #393
4 years ago
Mariano Cano 647b9b4541
Merge pull request #367 from smallstep/cas
Support for CAS Interface and CloudCAS
4 years ago