dpb587 / ssoca

SSO for services that use CA-based authentication.
https://dpb587.github.io/ssoca/
MIT License

CredHub support? #1

Closed xoebus closed 5 years ago

xoebus commented 7 years ago

This looks great!

Would you be open to a PR that adds support for fetching credentials/certificates from CredHub?

dpb587 commented 7 years ago

Thanks.

Definitely interested in that PR. It's all still slowly evolving as I have time, but certauth stuff is pretty stable and straightforward. Let me know if you have any questions.

Also feel free to mention any implementation oddities you notice from your golang expertness. Looking to improve code and me.

On Tue, Mar 7, 2017 at 13:17 Christopher Brown notifications@github.com wrote:

This looks great!

Would you be open to a PR that adds support for fetching credentials/certificates from CredHub?


-- Danny Berger https://dpb587.me

xoebus commented 7 years ago

I started writing a Go CredHub client but it seemed like quite the yak-shave. It sounds like someone else is starting an official one internally. Hopefully that one can be used for this once it is completed.

xoebus commented 6 years ago

The official one is finished! I'll take a look at how it could interact with the existing interfaces.

dpb587 commented 6 years ago

Great to know. I'm not sure if it's better to treat CredHub as a CA key store or certificate generator. If used for generating, the openvpn certs should be simple, but ssh ones will probably be trickier. Curious what you find and think.

I just switched to dep in 0ad3044124f45e80362adae351289ae1f618fce5 if that makes experimentation any easier.

dpb587 commented 5 years ago

Closing – haven't heard a strong use case or interest in this. Additionally it seems non-trivial since CredHub does not currently support traditional CSRs, nor signing SSH certificates. If there are more clear needs, feel free to comment and discuss further.