Add --enable-admin and --acme flags for the step ca init command.
#577
Comments
The ACME user flag would be particularly useful. In addition to adding it to the CLI, it should probably be exposed as an option for the docker image via the entrypoint.sh script, so that we could set an environment variable (e.g. As a workaround for now, I use a modified version of the entrypoint to get the CA to be ready to go for ACME requests on startup/creation by updating the
This partially addresses #577, but using `--remote-administration` as the flag name. It'll result in the Admin API being enabled as well as a default provisioner and corresponding admin credential being generated. Currently this requires a DB to be configured too, as the logic for creation of the new PKI stores the new provisioner and admin in the DB at all times when the Admin API gets enabled. The behavior this flag introduces might become the default at some point.
The first super admin subject can now be provided through the `--admin-subject` flag when initializing a CA. It's not yet possible to configure the subject of the first super admin when provisioners are migrated from `ca.json` to the database. This effectively limits usage of the flag to scenarios in which the provisioners are written to the database immediately, so when `--remote-management` is enabled. It currently also doesn't work with Helm deployments, because there's no mechanism yet to pass this type of option to the Helm chart. This commit partially addresses smallstep/cli#577
This will allow users to set up API mgmt for provisioners, and unblock users in environments where the `ca.json` is not easily accessible.
The --enable-admin flag would create the first provisioner and admin (this code already exists, just behind a boolean).
The --acme flag would create an ACME provisioner.
Related: smallstep/certificates#737