-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci test is just broken. Revert trying to fix it.
Signed-off-by: Kevin Fox <[email protected]>
- Loading branch information
Showing
1 changed file
with
0 additions
and
137 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,138 +1 @@ | ||
| trustDomain: example.org | ||
| caPassword: testingNeverUse | ||
|
|
||
| # Generated via step. Dummy values for testing. Don't reuse. | ||
| inject: | ||
| enabled: true | ||
| # Config contains the configuration files ca.json and defaults.json | ||
| config: | ||
| files: | ||
| ca.json: | ||
| root: /home/step/certs/root_ca.crt | ||
| federateRoots: [] | ||
| crt: /home/step/certs/intermediate_ca.crt | ||
| key: /home/step/secrets/intermediate_ca_key | ||
| ssh: | ||
| hostKey: /home/step/secrets/ssh_host_ca_key | ||
| userKey: /home/step/secrets/ssh_user_ca_key | ||
| address: :8443 | ||
| dnsNames: | ||
| - spiffe-step-ssh.example.org | ||
| logger: | ||
| format: json | ||
| db: | ||
| type: badgerv2 | ||
| dataSource: /home/step/db | ||
| authority: | ||
| enableAdmin: false | ||
| provisioners: | ||
| - {"type":"JWK", "name":"default", "key":{"use":"sig", "kty":"EC", "kid":"BWyhNcR7W3XXEgKQ6fAIJiRrL_6JAEXqV84IRYNLdMQ", "crv":"P-256", "alg":"ES256", "x":"OTd-IFqYCzxedQ_jvQ1AtBBcf_ixYXNZeXMper-vVRc", "y":"sYHYmLb-5fxW5nKATlrZpcvRe9w7XbyIxC8f-9cIa_g"}, "encryptedKey":"eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiYXJqYnFPcVNBYjRienVrOVpuQjYyZyJ9.ambYmq9fFWML5ASytRp0B53GAItoh7Awpcbnw8COH-YdsHlj497pKQ.H43YYhJEbPJ90NmR.HwZh5XtEcs2RdJd9iBLG5iIcfFzUNgjN5hNNw-yKB-mPROcqF-kIScd8M08zSGJDHhlD6UmPGCuZ0yAfBZnsCiEcLFuL95-zCF6jqGIUZcoR9ilBpYsKTSjMZW5iDrCMVqVHXWaKNaU76FtpICKLA2PxTdroU1cgC9mn_PYJOb_Wu6_r3WB84oB35q7szSCEVFbnroBCCMQC3moUr81e-tHd9T4Q5rxYig8_8NG3Euxi-cKJ2176LPb6uC09CagNLHzK3KLHI4zYfOIpq23mnTJq-DmN5pQG_fM4EjLmlYkCXVRvzqPh2mrgK2df7dXoeOO1DUVa-iqoK1FYk7Q.nAC3T-P7AE6hyuacEnfljQ", "claims":{"enableSSHCA":true, "disableRenewal":false, "allowRenewalAfterExpiry":false, "disableSmallstepExtensions":false}, "options":{"x509":{}, "ssh":{}}} | ||
| - {"type":"SSHPOP", "name":"sshpop", "claims":{"enableSSHCA":true}} | ||
| tls: | ||
| cipherSuites: | ||
| - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ||
| - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ||
| minVersion: 1.2 | ||
| maxVersion: 1.3 | ||
| renegotiation: false | ||
|
|
||
| defaults.json: | ||
| ca-url: https://spiffe-step-ssh.example.org | ||
| ca-config: /home/step/config/ca.json | ||
| fingerprint: e5b4f76bcef19b4e3717daee6ac5c9d6bfe28d26de92968412240e380dfbb494 | ||
| root: /home/step/certs/root_ca.crt | ||
|
|
||
| # Certificates contains the root and intermediate certificate and | ||
| # optionally the SSH host and user public keys | ||
| certificates: | ||
| # intermediate_ca contains the text of the intermediate CA Certificate | ||
| intermediate_ca: | | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBvDCCAWGgAwIBAgIPZLV/Uv/z34ZNgc+p2LuEMAoGCCqGSM49BAMCMCgxDjAM | ||
| BgNVBAoTBU15IENBMRYwFAYDVQQDEw1NeSBDQSBSb290IENBMB4XDTI0MDkyMzE1 | ||
| MDk0MVoXDTM0MDkyMTE1MDk0MVowMDEOMAwGA1UEChMFTXkgQ0ExHjAcBgNVBAMT | ||
| FU15IENBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA | ||
| BF5NqfKmVI5tbu8weoNLlc6G2sSMr0StSA1BcizmIFCD9uuvhQtTRMslB3pd8yNM | ||
| wcEN4PAI47AsZ1kXni60I+6jZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E | ||
| CDAGAQH/AgEAMB0GA1UdDgQWBBTI03x7Qmhx85OkKawaHNxqQHERMDAfBgNVHSME | ||
| GDAWgBS0KJHmpsvMeuqnDIamNjjl7CuEMjAKBggqhkjOPQQDAgNJADBGAiEA1KFS | ||
| 4Gr8/8Vizn3SiuXSwBK/ouBbkn4CYA7uDhsMNPMCIQDA2QdUz9w08hpsOf3+Fltn | ||
| 8hwsXVfTUS63JN5KJr27EQ== | ||
| -----END CERTIFICATE----- | ||
| # root_ca contains the text of the root CA Certificate | ||
| root_ca: | | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIBkzCCATmgAwIBAgIQOLfmpTvyGx/5tCcjBAAYdjAKBggqhkjOPQQDAjAoMQ4w | ||
| DAYDVQQKEwVNeSBDQTEWMBQGA1UEAxMNTXkgQ0EgUm9vdCBDQTAeFw0yNDA5MjMx | ||
| NTA5NDBaFw0zNDA5MjExNTA5NDBaMCgxDjAMBgNVBAoTBU15IENBMRYwFAYDVQQD | ||
| Ew1NeSBDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtatvAQ04 | ||
| EVj2zS8Uemxt76DaCIVcQ30suZeQ9wgqSCoCAMKUdW21UwYlvjd5fCKP/MCZJQHE | ||
| bAmxuRwKaXteOKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C | ||
| AQEwHQYDVR0OBBYEFLQokeamy8x66qcMhqY2OOXsK4QyMAoGCCqGSM49BAMCA0gA | ||
| MEUCIEhfTTIiWjiDT8lb6tFdQ4uo16bh1DXEsc/TOQp6z3sjAiEAuHeJyGG2d62K | ||
| DAFCir4Ols92ot+ixJDKGZD6e5iOpQE= | ||
| -----END CERTIFICATE----- | ||
| # ssh_host_ca contains the text of the public ssh key for the SSH root CA | ||
| ssh_host_ca: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGmSsLSZ1G7AIwLUkIkG9jGCT2APtJVZ7PXtWZnhBuVHWEVq8wQWd6K6fg2InLq7ox6WacSA3xA/MKkVYwwWxHA= | ||
|
|
||
| # ssh_user_ca contains the text of the public ssh key for the SSH root CA | ||
| ssh_user_ca: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKhbWvFo3tcxBfrIvZG2VedQoMDkof/oMpcJ4UBVC2cWdlRncnLS9QiFc1KHAsMqGNnUFqXds5P5P8J9OchfJ0A= | ||
|
|
||
| # Secrets contains the root and intermediate keys and optionally the SSH | ||
| # private keys | ||
| secrets: | ||
| # ca_password contains the password used to encrypt x509.intermediate_ca_key, ssh.host_ca_key and ssh.user_ca_key | ||
| # This value must be base64 encoded. | ||
| ca_password: null | ||
| provisioner_password: null | ||
|
|
||
| x509: | ||
| # intermediate_ca_key contains the contents of your encrypted intermediate CA key | ||
| intermediate_ca_key: | | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| Proc-Type: 4,ENCRYPTED | ||
| DEK-Info: AES-256-CBC,aa30025d2fd9f400ba3b5e1f333ec8e5 | ||
| KxXL/aHC2nftc18sIu5SCt6TgR2nnTUsl/jTiW7w9rkRm5g6uSJ4OUdJAPXugi5j | ||
| z6v8K96BIxTDjyo+94myO4ZmNJH7Bk0YqKzrrY1EMMWjyBvjE4B/msZrz+VW+g0j | ||
| p82pDqNLcGtQ9Hr0VsS2ZEaWQYfGB8FDxRHbYDE7X2A= | ||
| -----END EC PRIVATE KEY----- | ||
| # root_ca_key contains the contents of your encrypted root CA key | ||
| # Note that this value can be omitted without impacting the functionality of step-certificates | ||
| # If supplied, this should be encrypted using a unique password that is not used for encrypting | ||
| # the intermediate_ca_key, ssh.host_ca_key or ssh.user_ca_key. | ||
| root_ca_key: | | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| Proc-Type: 4,ENCRYPTED | ||
| DEK-Info: AES-256-CBC,4a3be846e5d596edf7f3af4ef90d0dc5 | ||
| bK+3jOpcfq4iIF50tiBxQ+EFAR7V/ZdBSVX2Mq6DLvp63xJB1U0Z0kU7tKmSAe11 | ||
| js9NHUvXeJGMamEJIrmt/C3FCOfLwlc5EOfwVa7ovXllSvCGyhpooNuNKcyweLw+ | ||
| mlv1KpVd0QzsC5sPI2JtyV5I3RQWL77QnjadkbxPGiA= | ||
| -----END EC PRIVATE KEY----- | ||
| ssh: | ||
| # ssh_host_ca_key contains the contents of your encrypted SSH Host CA key | ||
| host_ca_key: | | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| Proc-Type: 4,ENCRYPTED | ||
| DEK-Info: AES-256-CBC,de2d6c10f7cae88bae6276270346aba3 | ||
| mTTcbkDr9CfqMMJ+i45GP5xJ2HnWlyrFmTLtopmnuAXGygNoYdX20e9/IgCTWgDR | ||
| OuJdTjx66SG/+hINZVh9SDUYrDdVxL5xYHguRm3kQMEUf3QstK/Fk/aRxbhFJ+9y | ||
| SAbNhxJM0EG2lKDewYl5WrukVBSSK4H6Le67gxdCCaM= | ||
| -----END EC PRIVATE KEY----- | ||
| # ssh_user_ca_key contains the contents of your encrypted SSH User CA key | ||
| user_ca_key: | | ||
| -----BEGIN EC PRIVATE KEY----- | ||
| Proc-Type: 4,ENCRYPTED | ||
| DEK-Info: AES-256-CBC,659a4918f90bf45f434f9db3824733d5 | ||
| s7ISHceeTwwWhS2klutAOQrifnm7XkrbvERawQF/DHZZgq1mUi54QPZWp1yHXHnc | ||
| fceAd+t3SUgwdHAC2A5mMyNsuMrTox6IjLshpMJ9yixrI9DpDj8oreHbrJX0qC9Y | ||
| f/g2HIFHlatHEVS6sfaTsgGJMAz5hFZ9n2Y2Rf43tYQ= | ||
| -----END EC PRIVATE KEY----- |