Commit Graph

95 Commits (bfe29def59702f6d9ff322aa7df67fb5f58269f7)

Author SHA1 Message Date
max furman ffff9af323 linting and fixing review feedback 2 years ago
max furman 1e0ea6f958 more linting fixes 2 years ago
max furman ab0d2503ae Standardize linting file and fix or ignore lots of linting errors 2 years ago
Mariano Cano bc61b23d91 Add deprecation notices to step-x-init binaries
Fixes #1044
2 years ago
Mariano Cano 23b8f45b37 Address gosec warnings
Most if not all false positives
2 years ago
Mariano Cano 369b8f81c3 Use go.step.sm/crypto/kms
Fixes #975
2 years ago
Gary Belvin fed09047f9 pinfile 2 years ago
Mariano Cano 37b521ec6c Merge branch 'master' into feat/vault 2 years ago
Panagiotis Siatras 6d4d4560df add --context flag to step-ca command (#851)
* added the --context flag

* apply the context and allow for different ca.json

* amended usage for consistency

* added an extra example

* added an extra example

* reordered and reworded examples
2 years ago
Mariano Cano c0525381eb Merge branch 'master' into feat/vault 2 years ago
Herman Slatman af17b6a6f3 Make copyright year dynamic 2 years ago
Ahmet DEMIR 16390694e1 feat(vault): adding hashicorp vault cas 2 years ago
Mariano Cano 91878051c1 Merge pull request #741 from gdbelvin/ssh
Support CSR Requests from PKCS11
3 years ago
Mariano Cano febb619882 Add some extra validation and print certificate objects
This commit also changes the following flags for consistency:
  - --crt-cert to --crt-cert-obj
  - --crt-key to --crt-key-obj
3 years ago
max furman 10db335f13 mv pkg config -> step 3 years ago
Gary Belvin bbb327c8c5 Make a csr if there's not a root 3 years ago
Gary Belvin 29f5a35965 simplify flags 3 years ago
Mariano Cano 8366b7ddf1 Revert "Remove extractable from StoreCertificate."
This reverts commit 614ee79489.
3 years ago
Mariano Cano 614ee79489 Remove extractable from StoreCertificate. 3 years ago
Mariano Cano aa80bf9f07 Merge branch 'smallstep_master' into extractable 3 years ago
Mariano Cano e15b5faf7d Merge branch 'master' into keyvault 3 years ago
max furman 933b40a02a Introduce gocritic linter and address warnings 3 years ago
Mariano Cano 205148ad1f Fix exit after defer. 3 years ago
Mariano Cano 48549bf317 Initialize windows terminal on all binaries. 3 years ago
Mariano Cano d02cb1c869 Enable azurekms. 3 years ago
Mariano Cano cfe08ad6fe Add flags to usage. 3 years ago
Gary Belvin 22b471acf9 Extractable certs 3 years ago
Gary Belvin be89459524 Set key export bit 3 years ago
Mariano Cano a0633a6efb Merge pull request #612 from gdbelvin/kmspin
Allow reading pin from kms string
3 years ago
Gary Belvin 1fb4406801 minimize diff 3 years ago
Gary Belvin c6bb7aa199 Add back UI check, but don't read file 3 years ago
Gary Belvin a63a1d6482 Don't double read from u.Pin() 3 years ago
Gary Belvin 063a09a521 Allow reading pin from kms string 3 years ago
Mariano Cano 595f12505c Merge branch 'master' into name 3 years ago
Gary Belvin c264e8f580 Configurable pkcs11-init output paths 3 years ago
Gary Belvin 623e387fb0 Allow configuration of PKCS11 subject name 3 years ago
Mariano Cano e727532963 Fix wrong format of the first flag on `step-ca --help` 3 years ago
Mariano Cano bdeb0ccd7c Add support for the flag --issuer-password-file
The new flag allows to pass a file with the password used to decrypt
the key used in RA mode.
3 years ago
Mariano Cano 71f59de396 Merge pull request #510 from smallstep/ra-mode
StepCAS.
3 years ago
Gary Belvin 341966c30f Check pin flag 3 years ago
Gary Belvin 1ac838628a Add flag for setting the pin 3 years ago
Mariano Cano a6115e29c2 Add initial implementation of StepCAS.
StepCAS allows to configure step-ca as an RA using another step-ca
as the main CA.
3 years ago
Mariano Cano e446e22520 Remove extra default. 3 years ago
Mariano Cano 3648c3fab6 Fix error message when --kms is not passed. 3 years ago
Mariano Cano 1d2146166b Close key manager. 3 years ago
Mariano Cano 51ac28656e Fix protection level for host keys in cloudkms script.
Fixes #460
3 years ago
Mariano Cano 7f9d7eadc9 Attempt to delete key and certificate with the same name.
Nitrokey will override the label of the key with the certificate one.
If they are stored with the same id.
3 years ago
Mariano Cano 162c535705 Add option to not store certificates in the pkcs11 module. 3 years ago
Mariano Cano 8dca652bc7 Add support for PKCS #11 KMS.
The implementation works with YubiHSM2. Unit tests are still pending.

Fixes #301
3 years ago
Anton Lundin 3e6137110b Add support for using ssh-agent as a KMS
This adds a new KMS, SSHAgentKMS, which is a KMS to provide signing keys
for issuing ssh certificates signed by a key managed by a ssh-agent. It
uses the golang.org/x/crypto package to get a native Go implementation
to talk to a ssh-agent.

This was primarily written to be able to use gpg-agent to provide the
keys stored in a YubiKeys openpgp interface, but can be used for other
setups like proxying a ssh-agent over network.

That way the signing key for ssh certificates can be kept in a
"sign-only" hsm.

This code was written for my employer Intinor AB, but for simplicity
sake gifted to me to contribute upstream.

Signed-off-by: Anton Lundin <glance@acc.umu.se>
4 years ago