Bob Van Zant

Thanks for the super detailed report here. As I followed your steps to reproduce I noticed the issue: ``` eval `ssh-agent -s`; ssh-add my_ssh_cert_authority; ssh-add -E md5 -l; ssh-agent ssh-cert-authority...

I spent some time thinking about this and I'm not convinced that a SQL backend is the right approach. Generally I think the next major feature for the project should...

I can put something together in BUILDING.rst. Was there a particular area you needed help with? Assuming you are already familiar with Go build environments you basically just run build.sh...

The `--environment other` workaround is what I do as well. I have shell scripts like "request_cert_prod" and "request_cert_stage" but for signing I call the script "sign_cert". The one use case...

If your configuration file only contains one environment the code is smart enough to not require the --environment flag. But when more than one environment is in the configuration file...

Yes. I actually have a branch somewhere that does this. The code quickly got more complicated than I liked when I tried to seamlessly support both the legacy md5 format...

tl;dr The workaround is to use -E md5 and strip the MD5 prefix from the output. I'll bring a little context to the picture here. There are three places where...

Users shouldn't generate a CA. There's only one CA per environment and it's purely on the server side. Given that, the config on the server for the user should specific...

Thoughts, yes. In general I worry about authenticating systems on boot. It's super simple to just auto-sign any host that boots. Unfortunately this is about as useful as simply typing...

Yeah, I'm still thinking about this. Kind of waiting to hope I come up with a simple solution. One avenue of thinking is using the instance identity document which work...