Comments (6)
maraino
commented on June 8, 2024
1
@umegaya I guess it makes sense for the .hsm image of step-ca, at the moment you can download the release from https://github.com/smallstep/step-kms-plugin/releases in a layer and copy it to the final image.
from step-kms-plugin.
maraino
commented on June 8, 2024
1
Hi @umegaya closing this in favor of smallstep/certificates#1286
from step-kms-plugin.
maraino
commented on June 8, 2024
It probably makes sense to include it in HSM Dockerfile as this plugin replaces the step-*-init commands.
from step-kms-plugin.
maraino
commented on June 8, 2024
We will try to create at least a step-ca docker amd64 image with step-kms-plugin with it. We should add this to the default image, without CGO, and distribute the HSM image with CGO so that it can be used with PKCS#11 modules, for example.
That will be part of step-ca, see the related issue. But in this project, we can also create an image based on smallstep/step-cli that includes step-kms-plugin.
from step-kms-plugin.
umegaya
commented on June 8, 2024
@maraino that's sounds great! it would be appreciate if images are prepared for glibc OS like centos or ubuntu, along with alpine. because proprietary hsm products' pkcs library and tools are tend to build for glibc and cannot recompile due to lack of source code.
from step-kms-plugin.
umegaya
commented on June 8, 2024
@maraino seems perfect! thank you for quick response 👍
from step-kms-plugin.
Related Issues (16)
- go install fails due to crypto library error HOT 1
- Support usage text as plugin HOT 1
- Document required IAM permissions for AWS KMS (but also for other providers)
- [Bug]: AWS SSO via `credential_process` not supported HOT 7
- [Request] Support for Azure Managed HSM Vaults HOT 3
- Add docs on KMS URIs HOT 3
- add dependency to .deb HOT 1
- When touich policy is enabled, user isn't prompted to touch the yubikey HOT 2
- Error: failed to load key manager: error initializing PKCS#11: could not open PKCS#11 only when I running step kms outside of pod in k8s HOT 3
- Cannot import a certificate into YubiKey PIV slot HOT 1
- Multiple region support HOT 2
- Add support for `TSS2 PRIVATE KEY` PEM format HOT 11
- Failed to create key - Error generating key HOT 3
- Oracle Vault OCI KMS support
- doc: add example using pin-source method HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from step-kms-plugin.