- min-encryption-password-length
- provisioner
Enforce min-encryption-password-length, if set, in the 'step ssh
certificate' command.
Add flags.FirstStringOf returns value of first defined flag in input list
This commit adds the `--console` flag to the following commands:
* `step ssh certificate`
* `step ssh config`
* `step ssh hosts`
* `step ssh login`
* `step ssh proxycommand`
* Allow users to define certificate comment in agent
Added a comment flag which allows users to set the comment for a
certificate when it gets added to an agent. It defaults to current
behavior if not set, which is to use the subject as the comment.
This allows users who interact with multiple CAs with the same
identity (email) to have multiple certificates in the agent. It
also allows for use cases when users generate SSH certs with different
extensions to load multiple certificates in their agent.
This commit allows passing confirmation claims to tokens to tie the
tokens with a provided CSR or SSH public key.
The confirmation claim is implemented in the token command as well as
the commands that use a given CSR or SSH public key. Those are:
- step ca token
- step ca sign
- step ssh certificate --sign
Fixes smallstep/certificates#1637
With the changes from https://github.com/smallstep/crypto/pull/207,
the default behavior of `step ssh fingerprint` changes to be like
the behavior of `ssh-add` (and similar tools). When a fingerprint
is determined for an SSH certificate, the fingerprint will only
include the bytes of the public key. With the `--certificate` flag,
a user can create a fingerprint for the entire SSH certificate
contents.
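
The key-only versus whole-certificate fingerprint distinction described in the commit message above, as an added example (not smallstep's code). It assumes an Ed25519 certificate in the OpenSSH wire format and a SHA256 digest rendered as unpadded base64, the form `ssh-add` prints; the certificate blobs are constructed and carry a dummy signature.

```python
import base64, hashlib, struct

CERT_SUFFIX = b"-cert-v01@openssh.com"

def sshstr(b: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def read_str(buf: bytes, off: int):
    """Decode one SSH string at off; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off + 4:end], end

def sha256_fp(blob: bytes) -> str:
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def fingerprint(blob: bytes, whole_certificate: bool = False) -> str:
    """Hash only the embedded public key unless whole_certificate is set."""
    key_type, off = read_str(blob, 0)
    if whole_certificate or not key_type.endswith(CERT_SUFFIX):
        return sha256_fp(blob)
    if key_type != b"ssh-ed25519" + CERT_SUFFIX:
        raise ValueError("this example only handles Ed25519 certificates")
    _nonce, off = read_str(blob, off)   # certificate nonce precedes the key
    pk, off = read_str(blob, off)       # 32-byte Ed25519 public key
    return sha256_fp(sshstr(b"ssh-ed25519") + sshstr(pk))

def make_cert(pk: bytes, serial: int, key_id: bytes) -> bytes:
    """Constructed certificate blob; the signature is a dummy value."""
    return b"".join([
        sshstr(b"ssh-ed25519" + CERT_SUFFIX), sshstr(b"\x01" * 32), sshstr(pk),
        struct.pack(">QI", serial, 1), sshstr(key_id), sshstr(sshstr(b"alice")),
        struct.pack(">QQ", 0, 2**64 - 1), sshstr(b""), sshstr(b""), sshstr(b""),
        sshstr(b"constructed-ca-key"), sshstr(b"constructed-signature"),
    ])

# Constructed sample data: one key, two certificates issued for it.
PK = bytes(range(32))
KEY_BLOB = sshstr(b"ssh-ed25519") + sshstr(PK)
CERT_A = make_cert(PK, 1, b"alice@ca-one")
CERT_B = make_cert(PK, 2, b"alice@ca-two")

if __name__ == "__main__":
    for name, blob in (("key", KEY_BLOB), ("cert A", CERT_A), ("cert B", CERT_B)):
        print(name, fingerprint(blob), fingerprint(blob, whole_certificate=True))
```

Both certificates share the key-only fingerprint, so telling apart two certificates issued for the same key requires the whole-certificate form.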
Machines doing SSH client connections might want to use a JWK
provisioner to create the SSH certificate; this change allows
the token to be created automatically if --provisioner and
--provisioner-password-file are passed.
Add an additional `emoji` format for the `step certificate fingerprint`
command that encodes the certificate fingerprint as an emoji string.
Add the `--format` flag to the `step ssh fingerprint` command that
controls the encoding of the fingerprint. The default behavior of the
command is unchanged. The additional encodings are the same as for
`step certificate fingerprint`.
Add the `--format` flag to the `step crypto key fingerprint` command that
controls the encoding of the fingerprint. The default behavior of the
command is unchanged. For `sha1` hex encoding is used, for `sha256`
base64 encoding is used. The additional encodings are the same as for
`step certificate fingerprint`.
fixes #570