Mariano Cano

Hi @cpdeethree, the current version of autocert is not designed to write data to secrets, for that we will require to convert autocert into a different tool, basically a k8s...

Hi @Moosemorals, it makes sense to be able to execute a script after creating or renewing a certificate; your implementation has good ideas, but I don't think it is the...

@areed I kind of prefer something more flexible and mount a configmap with a special set of labels for different actions: 1. For which pod I should mount this -...

My proposal is perhaps too complex and for just `--exec` it might make more sense something simpler, but if we're mounting configmaps as this PR proposes, I think we can...

> I had a look at --pid-file and --signal, and I can't see a way of using them that doesn't use both shared process and a shared volume. AFAIK you...

@fastlorenzo wow, thanks for creating those workflows, we don't have yet experience with GitHub workflows, but we might integrate them in autocert.

Hi @arianvp, thanks for this, but does this attestation work as an ACME extension? The new MDA [ACMECertificate](https://developer.apple.com/documentation/devicemanagement/acmecertificate) for enterprises follows more or less [this draft](https://datatracker.ietf.org/doc/html/draft-bweeks-acme-device-attest-01) to perform attestation using...

I have a branch in the CLI that implements the draft with yubikeys. https://github.com/smallstep/cli/pull/741

@paul-snively right now, you can configure an OIDC provisioner on step-ca and get certificates for your persona with your email on them. That draft looks to me as an attempt...

@hslatman I've extracted the Go code, see `verify.go` on #1061