Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,280 Commits
41 Branches
214 Tags
91 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
mariano/account-provisioner
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

44 Commits (master)

Author SHA1 Message Date
Mariano Cano 725a913f66
Allow custom SCEP key manager 
This commit allows to inject a custom key manger for SCEP.
 1 month ago
Mariano Cano ac773ff44e
Merge branch 'master' into allow_external_x509_ca_service_intf 3 months ago
Panagiotis Siatras dd1ff9c15b
Implementation of the Prometheus endpoint (#1669) 
Implementation of the http://{metricsAddress}/metrics Prometheus endpoint.
 4 months ago
Venky Gopal fbc1e895c2 Allow x509 Service CA implementation to be injected through ca and authority options 4 months ago
Herman Slatman c0fbace882
Address review remarks 8 months ago
Herman Slatman 4dc5a688fd
Set SCEP authority options once 8 months ago
Herman Slatman f1da256ca4
Change SCEP authority initialization 8 months ago
Herman Slatman c9ee4a9f9d
Disable initialization log output if started with `--quiet` 2 years ago
Andrew Reed 7101fbb0ee
Provisioner webhooks (#1001) 2 years ago
Mariano Cano 0bedd22850 Fix typos in WithX509IntermediateCerts comment 2 years ago
Mariano Cano 0214e015a0 Clarify comments by code review 2 years ago
Mariano Cano 23045e1812 Clarify comments by code review 2 years ago
Mariano Cano debe565e42 Validate constraints on Sign and Renew/Rekey 
Fixes #1060
 2 years ago
Mariano Cano 369b8f81c3 Use go.step.sm/crypto/kms 
Fixes #975
 2 years ago
max furman 5443aa073a gofmt -s 2 years ago
Max 586e4fd3b5
Update authority/options.go 
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 2 years ago
max furman bfb406bf70 Fixes for PR review 2 years ago
max furman 25b8d196d8 Couple changes in response to PR 
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
 2 years ago
Mariano Cano 955d4cf80d Add authority.WithX509SignerFunc 
This change adds a new authority option that allows to pass a callback
that returns the certificate chain and signer used to sign X.509
certificates.

This option will be used by Caddy, they renew the intermediate
certificate weekly and there's no other way to replace it without
re-creating the embedded CA.

Fixes #874
 2 years ago
Mariano Cano 79349b4d7c Add options to use custom renewal methods. 2 years ago
Mariano Cano 300c19f8b9 Add a custom enforcer that can be used to modify a cert. 2 years ago
max furman 4afcdd55ff Update doc line on WithSSHGetHosts 2 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 6729c79253 Add support for setting individual password for ssh and tls keys 
This change add the following flags:
 * --ssh-host-password-file
 * --ssh-user-password-file

Fixes #693
 3 years ago
Mariano Cano 8fb5340dc9 Use a token at start time to configure linkedca. 
Instead of using `step-ca login` we will use a new token provided
as a flag to configure and start linkedca. Certificates will be kept
in memory and refreshed automatically.
 3 years ago
max furman 9fdef64709 Admin level API for provisioner mgmt v1 3 years ago
max furman 9bf9bf142d wip 3 years ago
max furman 7b5d6968a5 first commit 3 years ago
Miclain Keffeler 7545b4a625 leverage intermediate_ca.crt for appending certs. 3 years ago
Mariano Cano 60515d92c5 Remove unnecessary properties. 4 years ago
Mariano Cano e83e47a91e Use sshutil and randutil from go.step.sm/crypto. 4 years ago
Mariano Cano 824374bde0 Create a method to initialize the authority without a config file. 
When the CA is embedded in a third party product like Caddy, the
config needed to use placeholders to be valid. This change adds
a new method `NewEmbeddedAuthority` that allows to create an
authority with the given options, the minimum options are a root
and intermediate certificate, and the intermediate key.

Fixes #218
 4 years ago
Mariano Cano c49a9d5e33 Add context parameter to all SSH methods. 4 years ago
Mariano Cano 2d4f369db2 Add options to set root and federated certificates using x509.Certificate 4 years ago
Mariano Cano 9641ab33b8 Use crypto.Signer instead of ssh.Signer in SSH options. 4 years ago
Mariano Cano e98d7832b9 Add options to read the roots and federated roots from a bundle. 4 years ago
Mariano Cano c62526b39f Add wip support for kms. 4 years ago
max furman 1e17ec7d33 Use x5cInsecure token for /ssh/check-host endpoint 4 years ago
max furman 927784237d Use an actual Hosts type when returning ssh hosts 5 years ago
max furman 35912cc906 change func def for getSSHHosts 
* continue to return all hosts if injection method not specified
 5 years ago
max furman c407a9319b Add getSSHHosts injection func 5 years ago
max furman 6ca1df5081 Add WithGetIdentityFunc option and attr to authority 
* Add Identity type to provisioner
 5 years ago
Mariano Cano 86a0558587 Add support for /ssh/bastion method. 5 years ago
Mariano Cano 43b663e0c3 Move Option type to a new file. 5 years ago