Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow users to define certificate comment in agent #1158

Merged
merged 4 commits into from
May 14, 2024
Merged

Allow users to define certificate comment in agent #1158

merged 4 commits into from
May 14, 2024

Conversation

redrac
Copy link
Contributor

@redrac redrac commented Apr 20, 2024

Name of feature:

Allow users to define certificate comment in agent

Pain or issue this feature alleviates:

Added a comment flag which allows users to set the comment for a certificate when it gets added to an agent. It defaults to current behavior if not set, which is it uses the subject as the comment. This allows users who interact with multiple CAs with the same identity (email) to have multiple certificates in the agent. It also allows for use cases when users generate SSH certs with different extensions to load multiple certificates in their agent. One use case we currently have is we allow users to add the github extension to their certificate, but we also disable agent forwarding. A user might want to get a regular (non-github extension) certificate into their agent for regular SSHing with agent forwarding while also having another certificate that has the github extension that cannot be forwarded anywhere in their agent. Currently they cannot do this because step complains about duplicate certificates (because the subject is always the comment).

@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Apr 20, 2024
@redrac redrac force-pushed the feature/allow_alternative_comment branch from 5d18129 to 9cc3c76 Compare April 23, 2024 14:21
@hslatman hslatman requested a review from dopey April 23, 2024 17:19
@redrac redrac force-pushed the feature/allow_alternative_comment branch from 9cc3c76 to 8438c1a Compare April 26, 2024 21:57
@redrac
Allow users to define certificate comment in agent
befc7b4 
Added a comment flag which allows users to set the comment for a
certificate when it gets added to an agent. It defaults to current
behavior if not set, which is it uses the subject as the comment.
This allows users who interact with mutliple CAs with the same
identity (email) to have multiple certificates in the agent. It
also allows for use cases when users generate SSH certs with different
extensions to load multiple certificates in their agent.
@redrac redrac force-pushed the feature/allow_alternative_comment branch from 8438c1a to befc7b4 Compare May 8, 2024 20:30
dopey
dopey reviewed May 14, 2024
View reviewed changes
command/ssh/certificate.go Outdated Show resolved Hide resolved
dopey
dopey previously approved these changes May 14, 2024
View reviewed changes
@dopey dopey merged commit 32bdf40 into smallstep:master May 14, 2024
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dopey dopey dopey approved these changes

Assignees

@dopey dopey

Labels
needs triage Waiting for discussion / prioritization by team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@redrac @dopey