cli
Ability to configure CA/SSH key passwords in the ca.json file
This will be particularly useful for automating the --offline use case and making it completely non-interactive.
See #552 for a bit more context.
@labichn a workaround is to decrypt the keys for CA and SSH keys that are stored on disk. You can use step crypto change-pass --no-password --insecure <file>.
I've tested this on my local and it works.
Or have all of them encrypted with the same password and define the "password" property in the ca.json. But this is basically the same as having them unencrypted :)
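An audit check for the two workarounds above, added here as an example and not part of the thread or of the step project's code: it flags a ca.json that carries a clear-text "password" and any CA/SSH key that is stored without a passphrase. The field names key, ssh.hostKey and ssh.userKey, the file paths and the key bodies are assumptions constructed for the example.

```python
import base64, json, struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(pem_text):
    """True/False for a PEM private key, None if the text is not one."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8, always encrypted
        return True
    if label == "OPENSSH PRIVATE KEY":            # cipher name is inside the blob
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy PEM: encryption is announced in a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def audit(config, read_key):
    """Return findings for a parsed ca.json; read_key(path) returns key text."""
    findings = []
    if config.get("password"):
        findings.append("ca.json: 'password' is stored in clear text")
    ssh = config.get("ssh") or {}
    paths = {"key": config.get("key"), "ssh.hostKey": ssh.get("hostKey"),
             "ssh.userKey": ssh.get("userKey")}
    for field, path in paths.items():
        if not path:
            continue
        state = key_is_encrypted(read_key(path))
        if state is False:
            findings.append(f"{field}: {path} is not password-protected")
        elif state is None:
            findings.append(f"{field}: {path} is not a recognised private key")
    return findings

# Constructed sample input: header-only stubs, not real keys or real paths.
_STUB = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", 4) + b"none").decode()
SAMPLE_KEYS = {
    "ca_key": "-----BEGIN EC PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nAAAA\n-----END EC PRIVATE KEY-----",
    "host_key": f"-----BEGIN OPENSSH PRIVATE KEY-----\n{_STUB}\n-----END OPENSSH PRIVATE KEY-----",
    "user_key": "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----",
}
SAMPLE_CONFIG = json.loads('{"key": "ca_key", "password": "example", '
                           '"ssh": {"hostKey": "host_key", "userKey": "user_key"}}')
```

Against real files, pass a reader such as lambda p: open(p).read() in place of SAMPLE_KEYS.get.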
This repo might shed a little light on what I'm trying to accomplish.
I can build a read-only offline root CA image with no manual input.
I can build almost all of the online intermediate CA with no manual input, save for this last command to generate the SSH host keypair and certificate. Temporarily adding the password to ca.json is a little wonky, but it does the job, so I appreciate the suggestion!
I still can't generate the user SSH certificate without manual input, though, because I'm not willing to leave the password baked into the online CA image.
If there were a way to provide the CA/SSH key password to step ssh certificate like the other CLI commands it'd be entirely automated and require no user input. I think I'd be able to thread a password-file through a combination of systemd-nspawn and systemd-run if I could specify a password-file field in the ca.json, but I'm not as sure as I was a few days ago.
Hello friends, please, I am sorry to disturb. I have been reading your mail and messages. I am now learning how to code; I really don't understand whatever you guys are doing. Please, can someone bless me by being my friend to teach me how to code? I have a lot of passion for software.