Google Cloud KMS SSH Host Key Software Backed #460
-
|
Hello, the protection level of the ssh-host-key is hardcoded as certificates/cmd/step-cloudkms-init/main.go Line 237 in 6c0cf99 What is the reason for that? Greetings, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
It looks like we missed the flag variable when we added ssh support. We'll fix it, but this tool is basically for experimenting, you shouldn't relay on it directly for a real PKI. For example the subject of X.509 certificates are also hardcoded to Smallstep Root. |
Beta Was this translation helpful? Give feedback.
-
|
Fixed in a branch for an upcoming release 51ac286 |
Beta Was this translation helpful? Give feedback.
-
|
yeah we noticed that too and assumed that this is because of the experimental status |
Beta Was this translation helpful? Give feedback.
-
|
Feel free to adapting this "script" for your needs, to create your PKI. It's probably easier than doing it using gcloud :) |
Beta Was this translation helpful? Give feedback.
It looks like we missed the flag variable when we added ssh support. We'll fix it, but this tool is basically for experimenting, you shouldn't relay on it directly for a real PKI. For example the subject of X.509 certificates are also hardcoded to Smallstep Root.