Skip to content

add EST provisioner#2507

Open
jbpin wants to merge 8 commits intosmallstep:masterfrom
jbpin:est-provisioner
Open

add EST provisioner#2507
jbpin wants to merge 8 commits intosmallstep:masterfrom
jbpin:est-provisioner

Conversation

@jbpin
Copy link

@jbpin jbpin commented Dec 23, 2025

Implementation of [RFC 7030] (https://datatracker.ietf.org/doc/html/rfc7030).
Support TLS client certificate authentication and basic auth.
Support webhook for authentication, notification and data.
Not covered :

  • full CMC
  • server-side key generation

Name of feature:

EST protocol support (RFC7030)

Pain or issue this feature alleviates:

add support for a protocol that was not yet implemented in certificates

Why is this important to the project (if not answered above):

EST is a protocol used by the industry

Is there documentation on how to use this feature? If so, where?

not yet :/

Supporting links/other PRs/issues:

#2366
#14
💔Thank you!

add EST provisioner
f376e78 
Implementation of [RFC 7030] (https://datatracker.ietf.org/doc/html/rfc7030).
Support TLS client certificate authentication and basic auth.   Support webhook for authentication, notification and data.
Not covered :
* full CMC
* server-side key generation
@CLAassistant
Copy link

CLAassistant commented Dec 23, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Jean-Baptiste Pin seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

1 similar comment
@CLAassistant
Copy link

CLAassistant commented Dec 23, 2025

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Jean-Baptiste Pin seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Dec 23, 2025
Jean-Baptiste Pin added 4 commits December 24, 2025 12:15
add linkedca support for EST
d6c8384 
need for db migration and authority startup

use replace in go.mod to use a linkedca version compatible (need for the build)
Merge branch 'master' into est-provisioner
fb8cdfb
refactor EST auth and add support for signOpts
3abe5f7
Add support for Bearer token and Authentication header in webhook req…
760322f 
…uests

Clean up code implementation
@s5657
Copy link

s5657 commented Jan 15, 2026

Hi @jbpin
thanks for your great contribution for EST 👍
Looks like the PR #2507 will not be proceeded until the license-bot gets your GO:

license/cla
Waiting for status to be reported — Contributor License Agreement is not signed yet.

Just my 2 cents,
a step-ca user liking EST

@jbpin
Copy link
Author

jbpin commented Jan 19, 2026

You can use replace github.com/smallstep/linkedca => github.com/jbpin/linkedca v0.0.0-20260108080200-10b2f2764841 at the end of the go.mod in the cli project to get a step ca command that support EST.

@hslatman hslatman self-assigned this Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@hslatman hslatman

Labels

needs triage Waiting for discussion / prioritization by team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jbpin @CLAassistant @s5657 @hslatman @step-ci