certificates icon indicating copy to clipboard operation
certificates copied to clipboard

Published 20 hours ago verified publisher icon smallstep

Provisioner webhooks

Open areed opened this issue 3 years ago • 1 comments
trafficstars

Name of feature:

Provisioner webhooks

Pain or issue this feature alleviates:

Augment template contexts with dynamically changing data.

Is there documentation on how to use this feature? If so, where?

https://github.com/smallstep/docs/pull/141

In what environments or workflows is this feature supported?

These can be added to any provisioner that uses templates, but the admin API must be enabled to support secrets, including the signing secrets and authorization headers.

Supporting links/other PRs/issues:

https://github.com/smallstep/cli/pull/726 https://github.com/smallstep/crypto/pull/58 https://github.com/smallstep/linkedca/pull/24

💔Thank you!

areed avatar Aug 05 '22 17:08 areed

I'm still looking into this. And I don't see how device attestation will be integrated here.

@maraino the acme provisioner will need to be configured use an authorizing webhook since it doesn't use templates. https://github.com/smallstep/certificates/pull/1001/files#diff-7ebfe74c94aa45510ec8aea86e5b7fff5305fb8488e0a9b3b671013ff66dc75bR186

The webhook server will get a copy of the certificate in json template format. Will it be able to find the device ID in that cert and make an authorization decision?

areed avatar Sep 12 '22 15:09 areed

🎉 🎉

hslatman avatar Sep 30 '22 09:09 hslatman