crypt/step-ca-cli
1
0
Fork 0
mirror of https://github.com/smallstep/cli.git synced 2025-08-09 03:22:43 +03:00
Code Activity
3,767 Commits 19 Branches 342 Tags
master
Commit Graph

98 Commits

Author SHA1 Message Date
Max
60a4eef3de Fix linter warnings (#1450) 
* Remove unnecessary utils files in favor of cli-utils package
* Remove nolint:revive directive from bcrypt-pbkdf file
 2025-07-10 11:15:28 -07:00
Carl Tashian
a0c882c7ba Fix step ca token help text around validity period flags 2025-04-16 12:16:02 -05:00
Herman Slatman
565dcf0ebb Change .Token.user.field to not use curly braces 
The unescaped curly braces result in a broken docs site. Besides
that, other template variables are also not demarcated using curly
braces.
 2025-03-05 12:02:53 +01:00
Dan Fuhry
8abadfcd59 command/ca/token: support custom "user" claim 
Add the `--set` and `--set-file` flags to the `step ca token` command,
allowing the user to set keys in the "user" claim in the resulting JWT.

Signed-off-by: Dan Fuhry <dan@fuhry.com>
 2025-03-03 14:48:39 -05:00
Herman Slatman
de85fd0cef Use github.com/smallstep/cli-utils and reorder imports 2024-09-30 13:25:46 +02:00
Mariano Cano
3eb25647ba Remove SSH cfn support and use x5rt#S256 property 2024-07-23 18:56:17 -07:00
Mariano Cano
e207f94262 Merge branch 'master' into fix-1637 2024-07-23 11:58:33 -07:00
Max
05f95e5b1e Upgrade certificate 0.26.0 | fix linter warnings (#1140) 
* Update certificates to 0.26.0

* Fix linter warnings
 2024-03-28 19:12:36 -07:00
Mariano Cano
4616c58b2e Allow to add confirmation claims to tokens 
This commit allows passing confirmation claims to tokens to tie the
tokens with a provided CSR or SSH public key.

The confirmation claim is implemented in the token command as well as
the com commands that uses a given CSR or ssh public key. Those are:

  - step ca token
  - step ca sign
  - step ssh certificate --sign

Fixes smallstep/certificates#1637
 2024-01-11 16:50:11 -08:00
Mariano Cano
ed54c92f55 Add examples to step ca token help 2023-03-06 18:02:29 -08:00
Mariano Cano
86611a5ad6 Add support for kms signing in step ca token 
This commit adds support for signing tokens for the x5c, jwk and sshpop
provisioners using keys present in a KMS.

It also clarifies the flags --cert-not-before and --cert-not-after.

Fixes #862
 2023-03-06 18:02:24 -08:00
Mariano Cano
71d6b34ebe Fix typo in help 2022-04-13 12:36:08 -07:00
Mariano Cano
d72c1f7e28 Allow to generate renewal tokens with step ca token 2022-03-14 19:28:24 -07:00
Mariano Cano
eb1d58f411 Add support for the --x5c-insecure flag in step ca token 2022-03-11 16:54:03 -08:00
Mariano Cano
a9075d3cbf Add initial support for the nebula provisioner. 2021-12-29 14:20:43 -08:00
max furman
2eccb2be3d Fixing a load of errors from the PR review 2021-11-10 23:18:33 -08:00
max furman
f816f1a621 move errs package to cli-utils 2021-10-27 15:55:18 -07:00
max furman
a8c2310160 Add context flag to all relevant commands 2021-10-27 15:55:17 -07:00
max furman
860c213b97 Initial step path contexts commit 
- move config and command packages to cli-utils
 2021-10-27 15:55:16 -07:00
max furman
6407b1b75f fixing gocritic linter feedback 2021-10-07 17:59:57 -04:00
max furman
ea26436d93 Thread CA password decryption into offline CA bootstrap 2021-09-08 14:54:09 -07:00
max furman
70cebf51ab A few fixes for admin workflow commands and ... 
- <path> to <file> everywhere
 2021-07-08 16:34:53 -07:00
Mariano Cano
d3da28c062 Fix examples in step ca token. 2021-02-04 16:31:01 -08:00
Mariano Cano
d9f035476d Use password file alias in step ca token 
Allow the use of both --password-file (existing) and --provisioner-password-file
on `step ca token`.
 2020-10-28 15:44:29 -07:00
max furman
a443afbd70 Add cert-not-(before/after) to ca token usage 2020-08-14 14:21:10 -07:00
max furman
6bab49a31a change cmd to flags.ParseCaURL and flags.ParseCaURLIfExists 2020-08-02 11:46:38 -07:00
max furman
c3f499e3ef Implicitly require https scheme for ca-url cmd line arg 
Fixes #336
 2020-08-02 11:46:38 -07:00
Mariano Cano
f9f3415134 Merge pull request #309 from mafrosis/minor-manpage-fix 
s/--sans/--san in token CLI docs
 2020-07-15 12:51:54 -07:00
max furman
c1155a5822 Add uri option to usage doc for SAN flag. 2020-07-08 12:14:31 -07:00
max furman
1145bf9332 Don't reuse san and principal flags to avoid confusing usage. 
Fixes #262
 2020-07-07 18:57:59 -07:00
Matt Black
b2a0b6b692 s/--sans/--san in token CLI docs 2020-07-05 07:04:16 +10:00
max furman
c66ae0e9cf Add multiuse token capability to k8sSA tokens 
* adding ssh capability
 2020-01-28 13:33:59 -08:00
Mariano Cano
d734d18a8f Use certificate pki removed in merge. 2020-01-28 13:33:59 -08:00
max furman
b8d289b654 sshpop provisioner + ssh renew | revoke | rekey 2020-01-28 13:33:59 -08:00
max furman
3b8506e18e Add kubernetes service account provisioner / tokens 
* add/remove provisioner
* use kubernetes service accoun tokens with `step ca
sign|token|certificate`
 2019-10-29 17:41:22 -07:00
max furman
323f7e11ab Add x5c provisioner capabilities 
* certificate create/sign with x5c token
* provisioner add/remove
* jwt/jws sign with x5c hdr
 2019-10-14 15:01:46 -07:00
max furman
1868ec39d8 Add ACME CA capabilities 2019-09-13 15:53:34 -07:00
max furman
01564f6a7e Changes based on SSH CA PR Review 
* Use global flags rather than flags local to the CA package.
* Alphabetize flag names so they're easier to parse for humans.
* Fix some documentation snafus.
* crt -> cert where possible. At least for internal naming. Not gonna
  change JSON req/resp bodies b/c that would affect clients.
 2019-09-09 13:08:25 -07:00
Mariano Cano
aa5aa257e6 Use sign types from cautils package. 2019-08-15 11:28:57 -07:00
Mariano Cano
af1b9db7ad Remove dead code. 2019-08-14 16:54:19 -07:00
Mariano Cano
0759276702 Refactor common code between ssh and ca to cautils and flags. 2019-08-14 15:46:05 -07:00
Mariano Cano
a6ecb701f3 Add support for ssh flags in step ca token. 
Complete refactor of generate token.
 2019-07-25 18:36:16 -07:00
Mariano Cano
e4cdd7de18 Fix typo. 2019-07-25 11:34:32 -07:00
Mariano Cano
70b8f5c71a Add initial support for step ca ssh-certificate command. 
Fixes smallstep/ca-component#187
 2019-07-24 19:17:34 -07:00
Mariano Cano
8524ec9a8e Add subject to IID sans if disableCustomSANs is set to false. 2019-07-19 16:47:17 -07:00
Mariano Cano
64f687ce08 Allow custom common names in cloud identity provisioners. 2019-07-15 16:57:45 -07:00
Mariano Cano
71edf1e79c Clean provisioner select. 2019-06-06 15:17:50 -07:00
Mariano Cano
f850af5a63 Add caURL to GetIdentityToken and update dependencies. 2019-06-06 14:24:45 -07:00
Mariano Cano
e4ab4a22e7 Add --issuer filter to step ca certificate and sign. 
Fixes smallstep/step#160
 2019-06-04 17:54:20 -07:00
Mariano Cano
dbf6997e8e Add support of offline mode in cloud identity certs. 
Fixes smallstep/step#159
 2019-06-04 17:33:55 -07:00