smallstep / cli

🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
https://smallstep.com/cli
Apache License 2.0

Support for `--admin-kms` in `step ca provisioner` subcommands #1250

Open tashian opened 2 months ago

tashian commented 2 months ago

For CA administrative functions, it would be nice to be able to use a KMS-bound key.

This enables a flow where a YubiKey could be used to admin the CA, using an admin cert acquired via ACME DA.