Closed udf2457 closed 1 week ago
Hey @udf2457,
What happens if you try this:
step certificate create --profile root-ca --kms 'yubikey:pin-value=1234567' --key 'yubikey:slot-id=82' 'FOO' root_ca.crt
It's possible you got the error because of the order of arguments provided and how they're evaluated. In this case FOO
is placed at the end, and the certificate will be written to root_ca.crt
.
In this case you'll need --kms
and --key
, as you're using the root-ca
profile. For the intermediate you would need to specify the --ca-kms
and --ca-key
, and point those to the values you used for the root.
@hslatman Yeah, reworking in that order fixed it. Thanks.
Great to hear 🙂
Unfortunately, I don't think we can handle this in a better way at the moment due to the packages we use for handling the command line flags, so I'll close the issue for now.
Steps to Reproduce
According to the docs, this:
step certificate create --profile root-ca "FOO" --ca-kms yubikey:pin-value=1234567 --ca-key yubikey:slot-id=82
Should work because
ca-kms
andca-key
are valid options flags ?The same thing happens if you use
--kms
and--key
.But step insists on pushing keys to disk ?
Your Environment
Smallstep CLI/0.27.4 (darwin/arm64)
Expected Behavior
Generate cert using yubikey
Actual Behavior
Errors out with:
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).