oxidecomputer / offline-keystore

yubihsm-setup replacing the yubico cruft with our own cruft!
Mozilla Public License 2.0
10 stars 1 forks source link

Add script for signing ceremony #205

Closed flihp closed 7 months ago

flihp commented 7 months ago

This script takes a password from the caller and uses the oks hsm serial-number command to determine whether or not the password is correct. It relies on the OKS_PASSWORD environment variable accepted by oks. It also implements the retry logic required by the ceremony script.