search

smallstep / cli

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
https://smallstep.com/cli
Apache License 2.0
3.65k stars 252 forks source link

[Bug]: Rekeying a JWK provisioner fails #1199

Closed tashian closed 3 months ago

tashian commented 3 months ago

Steps to Reproduce

step ca init
step-ca

Then, in another terminal:

step ca provisioner update [jwk provisioner name] --create

Your Environment

Expected Behavior

It should have rekeyed the provisioner and asked me for a new password.

Actual Behavior

CLI output:

✔ CA Configuration: /Users/carl/.step/authorities/test/config/ca.json

Please enter a password to encrypt the provisioner private key? [leave empty and we'll generate one]:
error updating provisioner: error updating provisioner 'carl@smallstep' in authority cache: provisioner carl@smallstep:8MsJE2JtORIf-pQJnW9TWp1mrMqXPH3wg_oGo_gqSks not found

step-ca output:

WARN[0144]                                               duration="17.334µs" duration-ns=17334 fields.time="2024-06-12T14:46:47-07:00" method=GET name=ca path=/admin/admins protocol=HTTP/2.0 referer= remote-address="::1" request-id=32bf204e-7c25-4a24-ab97-2e99656c31a3 size=19 status=404 user-agent="Smallstep CLI/0.26.0 (darwin/arm64)" user-id=

Additional Context

This is without remote provisioner management enabled.

@dopey took a look at this one, confirmed it, and found the source of the error.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

hslatman commented 3 months ago

This seems to be a duplicate of #1059

tashian commented 3 months ago

I resurfaced #1059 on the triage board. It was already in To Do.