crypt/step-ca-cli
1
0
Fork 0
mirror of https://github.com/smallstep/cli.git synced 2025-09-11 21:30:43 +03:00
Code Activity
3,797 Commits 19 Branches 342 Tags
master
Commit Graph

119 Commits

Author SHA1 Message Date
SamuelBoerlin
e3a16d4c15 Remove --bundle from step ca certificate usage text (#1302) 
Fixes #521
 2024-10-29 09:36:51 -07:00
Herman Slatman
de85fd0cef Use github.com/smallstep/cli-utils and reorder imports 2024-09-30 13:25:46 +02:00
Mariano Cano
2a6e644000 Add console flag to ssh commands 
This commit adds the `--console` flag to the following commands:
 * `step ssh certificate`
 * `step ssh config`
 * `step ssh hosts`
 * `step ssh login`
 * `step ssh proxycommand`
 2024-07-15 18:47:24 -07:00
Herman Slatman
0cbf9fe936 Add --attestation-ca-insecure flag for disabling TLS validation 2023-04-06 17:36:17 +02:00
Herman Slatman
e642396b61 Refactor attestation client 2023-03-23 19:55:37 +01:00
Herman Slatman
1d54c920ec Clean up TPM attestation flow 2023-03-13 13:47:06 +01:00
Herman Slatman
6b5505d790 Refactor attestation enrollment process 2023-03-08 01:18:33 +01:00
Herman Slatman
4a3494726f Return errors instead of logging TPM failures 2023-02-02 17:39:30 +01:00
Herman Slatman
d6d0a9530e Merge branch 'master' into acme-attestation 2022-11-03 23:56:44 +01:00
Herman Slatman
8c06e36001 Merge branch 'master' into acme-attestation 2022-11-03 23:54:11 +01:00
Raal Goff
cff4c6d8da initial work to allow x5c to use KMS certs and keys for token generation 2022-10-24 20:00:25 +08:00
Mariano Cano
d7a542f920 Work in progress of using go.step.sm/crypto 2022-09-29 18:56:03 -07:00
Mariano Cano
4fc5893172 Rename flag to --attestation-uri 2022-09-13 11:00:29 -07:00
Mariano Cano
e320ac513a Implement device-attestations for yubikeys 
Currently the kms yubikey implements the attestation interface,
this experimental commit uses that interface to request a certificate
using ACME with the device-attest-01 challenge.
 2022-08-30 09:57:55 -07:00
Herman Slatman
c11f1d9994 Merge branch 'master' into acme-attestation 2022-08-30 16:31:21 +02:00
max furman
b9b48800ea A bunch more sensible linters and fixes 2022-08-18 22:39:04 -07:00
Herman Slatman
0026346faf Improve Device Attestation flow 2022-08-12 15:25:13 +02:00
Herman Slatman
ba8aef67e2 Add basic ACME device-attest-01 support 
The `--permanent-identifier` flag can be used when requesting a
certificate from `step-ca`. The ACME `device-attest-01` challenge
method will be used to authorize the certificate request.
 2022-08-04 15:15:08 +02:00
max furman
1eb9722ed4 Add example 2022-05-31 22:51:24 -07:00
max furman
b0750eddc9 Add --password-file flag for offline mode without password input 2022-05-31 22:51:24 -07:00
Mariano Cano
a9075d3cbf Add initial support for the nebula provisioner. 2021-12-29 14:20:43 -08:00
max furman
2881ea481e Remove internal ui package 2021-12-19 11:27:07 -05:00
max furman
2eccb2be3d Fixing a load of errors from the PR review 2021-11-10 23:18:33 -08:00
max furman
f816f1a621 move errs package to cli-utils 2021-10-27 15:55:18 -07:00
max furman
a8c2310160 Add context flag to all relevant commands 2021-10-27 15:55:17 -07:00
max furman
860c213b97 Initial step path contexts commit 
- move config and command packages to cli-utils
 2021-10-27 15:55:16 -07:00
max furman
6407b1b75f fixing gocritic linter feedback 2021-10-07 17:59:57 -04:00
Mariano Cano
c3c255293f Remove checks for OIDC provided certificates. 
All the checks if any will be in the CA side. To keep the current
CN (token.sub) when an admin uses `step ca certificate <email>`
then the CN will be the token.sub.

Fixes #340
 2021-09-17 14:52:58 -07:00
max furman
d7300d43a5 Remove --bundle flag from usage 2021-08-19 11:24:39 -07:00
max furman
70cebf51ab A few fixes for admin workflow commands and ... 
- <path> to <file> everywhere
 2021-07-08 16:34:53 -07:00
Mariano Cano
bcae4cfa2c Add support for --provisioner-password-file in step ca sign. 
This change adds support for --provisioner-password-file in
`step ca signs`. It also cleans the extra flag in `step ca certificate`
that was just there because the code generating the token didn't know
about --provisioner-password-file.

Fixes #378
 2020-10-28 15:37:14 -07:00
Mariano Cano
3ea6ced4ad Add help for template parameters in step ca certificate. 2020-07-22 12:09:11 -07:00
Mariano Cano
7a8d26738c Add support for --set and --set-file in step ca certificate. 2020-07-21 18:15:04 -07:00
max furman
c1155a5822 Add uri option to usage doc for SAN flag. 2020-07-08 12:14:31 -07:00
max furman
1145bf9332 Don't reuse san and principal flags to avoid confusing usage. 
Fixes #262
 2020-07-07 18:57:59 -07:00
Mariano Cano
3c4aa2228d Fix lint errors. 2020-01-28 13:34:00 -08:00
max furman
c66ae0e9cf Add multiuse token capability to k8sSA tokens 
* adding ssh capability
 2020-01-28 13:33:59 -08:00
max furman
d8c7337fad Allow decrypting the provisioner from the 'ca certificate' command. 2019-11-05 16:37:40 -08:00
max furman
3b8506e18e Add kubernetes service account provisioner / tokens 
* add/remove provisioner
* use kubernetes service accoun tokens with `step ca
sign|token|certificate`
 2019-10-29 17:41:22 -07:00
max furman
323f7e11ab Add x5c provisioner capabilities 
* certificate create/sign with x5c token
* provisioner add/remove
* jwt/jws sign with x5c hdr
 2019-10-14 15:01:46 -07:00
max furman
1868ec39d8 Add ACME CA capabilities 2019-09-13 15:53:34 -07:00
max furman
01564f6a7e Changes based on SSH CA PR Review 
* Use global flags rather than flags local to the CA package.
* Alphabetize flag names so they're easier to parse for humans.
* Fix some documentation snafus.
* crt -> cert where possible. At least for internal naming. Not gonna
  change JSON req/resp bodies b/c that would affect clients.
 2019-09-09 13:08:25 -07:00
Mariano Cano
b09a93d567 Merge branch 'master' into ssh-ca 2019-09-05 23:48:18 +02:00
max furman
043a79a76c Add example for step ca certificate with RSA pub key 2019-08-28 18:15:42 -07:00
max furman
4fcf70192f Support console mode in step ca [sign|certificate] 
* Fixes #132
 2019-08-27 13:10:00 -07:00
Max
37a648b70b Merge pull request #136 from smallstep/kty 
Add kty|crv|size options to 'step ca certificate'
 2019-08-27 13:01:13 -07:00
max furman
e49b733fbf switch to golangci-lint and fix lots of linting errors 2019-08-26 19:04:54 -07:00
max furman
b47a0b9110 Add kty|crv|size options to 'step ca certificate' 
Fixes #133
 2019-08-26 13:39:54 -07:00
max furman
c986fb1d00 Add emails sans to ca [sign|certificate] and certificate create 
* x509util.SplitSANs now finds emails as well
 2019-08-23 15:59:51 -07:00
Mariano Cano
0759276702 Refactor common code between ssh and ca to cautils and flags. 2019-08-14 15:46:05 -07:00