This commit permits you, when using the --root and --key options, to pass
the password for decrypting the key in --key-password-file rather than
requiring an interactive prompt.
Example usage:
    step ca init --root root.crt --key root.key \
        --key-password-file root_key_password ...
Closes #453
The `--admin-subject` flag currently only makes sense when initializing
a CA with Remote Management enabled. There's no DB otherwise.
This is related to https://github.com/smallstep/certificates/pull/964.
It's not a complete fix, as the current way will only work at
CA initialization time; not at runtime.
This allows the first super admin subject to be set when a new
CA is initialized. Usage is effectively limited to when remote
management is in use, because the super admin subject will only
be created when provisioners are stored in the database and the
admin API is enabled. It also doesn't work when the CA performs
automatic provisioner migration, as there's no nice way to pass
this information at the moment.
The flag can currently not be used with `--helm`.
This partially addresses https://github.com/smallstep/cli/issues/577,
but using `--remote-administration` as the flag name. It'll result
in the Admin API being enabled as well as a default provisioner and
corresponding admin credential being generated.
Currently this requires a DB to be configured too, as the logic
for creation of the new PKI stores the new provisioner and admin
in the DB at all times when the Admin API gets enabled.
The behavior this flag introduces might become the default at
some point.
Before this change the authority and profile would default to
the first DNS name, potentially resulting in multiple CAs using
the same directories and configuration or configurations being
overwritten.
After this change the name of the context will be used as the
authority and profile name by default. They can still be overridden
using the `--authority` and `--profile` flags. When no context
name is provided, we still default to the first DNS name provided.
Fixes #606
- fixing bad merge of ca/init.go
- need to set caurl, fingerprint in context during bootstrap because
  they are used later.
- use ca.WithInsecure() for insecure transport