cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon smallstep

Fix: Ensure step ca rekey --daemon generates new keys as expected

Open aliamerj opened this issue 6 months ago • 0 comments

Name of feature:

Rekeying with new private key in daemon mode

Description

This PR fixes #1343 where step ca rekey with the --daemon flag was not generating new keys on renewal — behaving like step ca renew instead.

Pain or issue this feature alleviates:

Previously, running step ca rekey ... --daemon would renew the certificate without generating a new key, defeating the purpose of rekeying. This fixes that behavior.

Why is this important to the project (if not answered above):

It ensures rekeying in daemon mode actually rotates the private key, aligning with user expectations and the behavior of one-shot rekeying.

Is there documentation on how to use this feature? If so, where?

Yes

In what environments or workflows is this feature supported?

In what environments or workflows is this feature explicitly NOT supported (if any)?

Supporting links/other PRs/issues:

Fixes: #1343

💔Thank you!

aliamerj avatar Jun 20 '25 13:06 aliamerj