Closed hany closed 8 years ago
Sort of. I think what you want is an ssh-cert-authority list subcommand? The API exists on the server, you can see this data via curl:
$ curl http://localhost:8080/cert/requests
The way we use this is via the Slack integration. Whenever a request is created or signed messages are posted to Slack. They look like this:
ssh-cert-authorityBOT [9:17 AM]
SSH cert request from user@example.com with id QATLF2ALPVTO7LLL for Ticket-9722 - need to restart stats_archiver, and hopefully get a core.
ssh-cert-authorityBOT [9:21 AM]
SSH cert QATLF2ALPVTO7LLL signed by someotheruser@example.com making 1/2 signatures.
The Slack integration is pretty cool. It really made life with the tool better. Do you use Slack? IRC? Something else?
I fixed this back in December. Somehow I forgot to close the issue. There now exists a list subcommand.
$ ./ssh-cert-authority request --config-file requester_config.json -e test
Please give a reason: testing the list subcommand
Cert request id: JXBW2ANOVVQ5QJZP
$ ./ssh-cert-authority list --config-file requester_config.json
2 JXBW2ANOVVQ5QJZP[test, 0/1]: bvz-ecdsa - testing the list subcommand
Right now, it appears that a signer requires access to the server hosting
ssh-cert-authority
in order to view the logs to get access to the signing IDs (that, or the requestor has to provide it by other means). Is there a way to get a list of pending signing requests automatically?