Bot releases are visible (Hide)
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Published by github-actions[bot] about 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- df975122 Upgrade linkedca and add entry to changelog
- 666f6956 Merge pull request #1048 from smallstep/attest-platform
- bb0210e8 Fix typo in linkedca variable
- 1e098aef Fixes ACMEAttestationFormat comment
- 66407139 Add methods to convert attestation formats
- 0f651799 Reject not enabled attestation formats
- 53ad3a9d Add go workspaces files to gitignore
- ba42aaf8 Add attestationFormat property in the ACME provisioner
- b2119e9f Merge pull request #977 from smallstep/device-attestation
- fd4e96d1 Rename method to IsChallengeEnabled
- c77b4ff9 Fix linter errors
- 59c5219a Use a type for acme challenges
- a89bea70 Format comment
- 5df94342 Fix old comment, device-attest-01 uses the acme payload
- c5d3714a Fix acme error map
- 08815c5e Reneame attestation statement error
- 3cd72ac7 Remove debug statements
- 55318efe Merge pull request #1043 from unreality/oidc-missing-email
- 1b68a9f9 Merge pull request #1045 from smallstep/deprecation-notice
- bc61b23d Add deprecation notices to step-x-init binaries
- b89f2104 remove fail-email test and add ok-empty-email test
- a2749ca8 Merge branch 'master' into device-attestation
- 7a03c43f allow missing Email claim in OIDC tokens, use subject when its missing
- e75e7e7c Fix linter warnings
- 54d92095 Validate proof of possession signature
- 45af68b2 Upgrade go.step.sm/crypto
- 59b7603d Use a clientAuth only cert for device-attest-01
- 6db631df Upgrade go.step.sm/crypto@attest
- ca412e77 Return error on attestation validation
- ab5f916b Define ErrorBadAttestationStatement
- 735c9d49 Add support for yubikey attestation
- ebce40e9 Add new method ACMEClient.ValidateWithPayload
- f1c63bc3 Fix challenge mapping
- 2a449728 Run go mod tidy
- df96b126 Add AuthorizeChallenge unit tests
- bca311b0 Add acme property to enable challenges
- ae8d4d87 Fix unit test
- 693dc394 Merge branch 'master' into device-attestation
- b1e9d5ee Revert "Run on plaintext HTTP to support Cloud Run"
- 2f7cb922 Use go.step.sm/crypto to set the permanent identifier
- 21427d5d Replace instead of prepend provisioner extension
- 2ab1e665 Fix nonce validation
- e02a190f Merge branch 'master' into device-attestation
- 66356cff Add attestation certificate validation for Apple devices
- 9b9c5551 Add changelog template
- 1d10491f Update README.md
- 274f6ccb iOS 16 beta 2 support
- 7e1b0beb iOS 16 beta 1 support
- 77c6d10f Verify key authorization is contained within the TPM quote extraData field
- e1ec31c0 Implement TPM attestation statement verification
- 2ac8b69d Add ACME permanent-identifier identifier type
- aacd6f4c Add device-attest-01 challenge type
- 09b9673a Run on plaintext HTTP to support Cloud Run
- 860baeb1 Verbose debug logging
Thanks!
Those were the changes on v0.23.0-rc.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] about 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d718c69a Prepare changelog for release
- b8162d59 Merge pull request #1034 from smallstep/fix-1033
- a7fcfe0e Verify with roots and intermediates
- 30c54a55 Add entry in changelog
- ea8579f3 Fix bad signature algorithm on EC+RSA PKI
Thanks!
Those were the changes on v0.22.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] about 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- a893d6e7 Upgrade go.step.sm/cli-utils
- 432477aa Merge pull request #1030 from smallstep/herman/fix-template-validation
- 1938b1bb Merge branch 'master' into herman/fix-template-validation
- 1d1e024b Upgrade to go.step.sm/crypto v0.18.0
- 6b7b9899 Add provisioner template validation
- dd6f59b5 Merge pull request #1024 from smallstep/gosec
- 23b8f45b Address gosec warnings
- 713dfad8 Merge pull request #1019 from smallstep/head-middleware
- 8f88740a Merge pull request #1014 from smallstep/max/dns-id
- 6cab4d32 Add a middleware to automatically route HEAD requests to GET
- c040e4b4 Add unit tests
- 85fc837d Merge pull request #1018 from smallstep/ra-config
- 3c88a9cc Fixed changelog
- 8e08f0de Add entries to changelog
- 0c7467ce Allow to automatically configure and linked RA
- 5e0be922 Allow option to skip the validation of config
- b7c2f6c4 Check for DNS name validity
- ae76d943 Merge pull request #1009 from smallstep/code-ql
- 2db15e4e Remove unnecessary log entries
- 759aa26a Fix linter warning
- 90d27857 Sanitize log entries in logging package
- b62f4d10 Add lgtm comments on some security warnings
- a5439c43 Remove ciphersuites without Lucky13 countermeasures
- d6baad44 Merge pull request #1008 from smallstep/endpoint-id
- 8bd01742 Rename field to IsCAServerCert
- 5df16942 Add endpoint id for the RA certificate
- 20784c7a Merge pull request #1006 from smallstep/max/revoke-serial-validation
- 1dd0d7d0 Update bad serial error to be more specific
- 73ba411e [action] parameterize golangci-lint version
- eb091aec Simplify field names for ProvisionerInfo
- a65adc03 Merge pull request #1005 from smallstep/crypto-kms
- 7052a32c Validate revocation serial number
- 4985ab1d Remove kms package
- 369b8f81 Use go.step.sm/crypto/kms
- 3e2729e3 Merge pull request #989 from smallstep/max/disable-ssh-hosts
- 9f67a808 Merge pull request #1004 from smallstep/go-1.19
- f1aabaa9 Use functions from os instead of io/ioutil
- 8445c29d Change actions to build using Go 1.19
- 99c91554 disableSSHHostsListAPI -> disableGetSSHHosts
- 38fb9245 Merge pull request #993 from smallstep/ra-ids
- 22337da1 Merge pull request #990 from qbit/master
- 821743f7 Upgrade newrelic to v3
- 135c4818 Update deps to bring in support for OpenBSD
- a2f77669 Use released version of linkedca
- c5c7c30c Fix typo in ProvisionerInfo
- 64744562 Send RA provisioner to linkedca.
- 6b5d3dca Add provisioner name to RA info
- 9648fe6b Remove debug statement
- a1f54921 Rename internal field
- f9df8ac0 Remove unused interface
- 7a1e6a0e Fix and extend stepcas unit tests
- 9408d0f2 Send RA provisioner information to the CA
- a8819376 Remove empty lines on debug information
- 87f28a7e Create codeql-analysis.yml
- 0efaf514 Create SECURITY.md
- fb7f57a8 Add attribute to disable SSH Hosts list API
- 01423e36 [action] combine label and triage project add in one workflow
Thanks!
Those were the changes on v0.22.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.21.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.21.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- ffe7c00a Add changelog template
- 6814b7f5 Update README.md
- f140874e Merge pull request #958 from smallstep/rsa-signature-algorithm
- 7ecb8c32 Update CHANGELOG.md
- dab2f791 Merge pull request #960 from smallstep/uri-1.19
- 68a89fbb Split Go 1.19 problematic with build tags
- ed778b7f Merge pull request #956 from shuLhan/kms-uri-test-go119
- 0e7257a2 kms/uri: fix test on Parse for the next Go release
- 31af1efa Sign certificates with the issuer signature algorithm
- 34f92680 Merge pull request #954 from shuLhan/shulhan-gofmt
- 0b748f2d Merge pull request #955 from shuLhan/cas-cloudcas-test-go119
- ee53530d cas/cloudcas: update test on createPublicKey for the next Go release
- fe04f93d all: reformat all go files with the next gofmt (Go 1.19)
- 304cc5a7 Merge pull request #950 from gdbelvin/pinsrc
- fed09047 pinfile
Thanks!
Those were the changes on v0.21.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.20.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.20.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 34d141e4 Merge pull request #945 from smallstep/changelog-update
- 5e56a7b4 Changelog update for 0.20.0
- b4b9893f Update changelog
- 6d580a69 Update changelog
- de00e01f Merge pull request #947 from smallstep/fix-ssh-revocation
- 2adf8caa Fix Dependabot warning on an indirect dependency
- 9c049eec Add revoke ssh unit test
- ce9a23a0 Fix SSH certificate revocation
- abfbbc8d Merge pull request #946 from smallstep/herman/acme-csr-padding
- fd546287 Strip base64-url padding from ACME CSR
- a564b4f3 Merge pull request #944 from smallstep/herman/tls-wasm-client
- a7dd3a98 Set nil dial context for js/wasm runtime
- 911cec21 Merge pull request #943 from smallstep/ssh-renew-provisioner
- 94f5b925 Use proper context in authority package
- 1be74eca Merge branch 'master' into ssh-renew-provisioner
- 539bfddb Merge pull request #914 from smallstep/context-authority
- e7f4eaf6 Remove explicit deprecation notice
- 26dd97e7 Merge branch 'master' into context-authority
- 02fd0e71 Merge pull request #913 from delamart/master
- 07984a96 better error messages
- 9ec154aa rewrite and improve secret-id config
- 6989c7f1 vault auth unit tests
- 6c44291d refactor vault auth
- dec1067a vault kubernetes auth
- 6b3a8f22 Add provisioner to SSH renewals
- 3c4d0412 Merge pull request #941 from smallstep/ssh-provisioner
- eebbd65d Fix linter error
- f8148071 Merge pull request #915 from smallstep/max/removing-beta
- 5443aa07 gofmt -s
- 8ca9442f Add -s to make fmt and bump golangci-lint to 1.45.2
- 586e4fd3 Update authority/options.go
- 1ad75a3b Skip failing test for now
- dd985ce1 Clarify errors when sending renewed certificates
- a627f214 Fix AuthorizeSSHSign tests with extra SignOption
- e7d7eb1a Add provisioner as a signOption for SSH
- 29358607 Store provisioner with SignSSH
- c8d7ad7a Fix store certificates methods with new interface
- de99c3ca Report provisioner and parent on linkedca
- 20b2c6a2 Extract cert storer methods from AuthDB
- 9e05cc4d Merge pull request #940 from smallstep/herman/improve-renew-expired-cert-error
- 479eda73 Improve error message when client renews with expired certificate
- fff00aca Updates to issue templates
- bfb406bf Fixes for PR review
- 14524d79 Merge pull request #938 from smallstep/herman/update-crypto-0.16.2
- d1ab1d54 Merge branch 'master' into herman/update-crypto-0.16.2
- 984e4fcf Merge pull request #932 from smallstep/herman/pkcs7-patches
- b75ce3ac Update to go.step.sm/crypto v0.16.2
- 400b1ece Remove scep handler after merge.
- 898ca412 Merge branch 'master' into context-authority
- ea084d71 Merge pull request #933 from smallstep/herman/allow-deny
- c695b23e Fix check for admin not belonging to policy
- 25b8d196 Couple changes in response to PR
- d0c07336 Merge pull request #924 from vijayjt/vijayt/helmchart-kms
- 7030dbb7 Use github.com/smallstep/pkcs7 fork with patches applied
- d51913f6 Merge pull request #917 from smallstep/herman/scep-get
- 89424229 Add GetID() and add authority to initial context
- 688ae837 Add some tests for SCEP request decoding
- c9a89d13 Merge branch 'master' into herman/scep-get
- 1e03bbb1 Change types in the ACMEAdminResponder
- f639bfc5 Use contexts on the new PolicyAdminResponder
- d461918e Merge branch 'master' into context-authority
- 65090daa Merge pull request #788 from smallstep/herman/allow-deny
- cc26a0b3 Explicitly disable wildcard Common Name constraint
- 0f4ffa50 Fix linting issues
- 71042991 Add full policy validation in API
- 2ea0c703 Move acme context middleware to deprecated handler
- ed231d29 Update to go.step.sm/[email protected]
- 10521139 Don't rely on linkedca model stability in API response bodies
- 5e9bce50 Unexport GetPolicy()
- f0272dc7 Fix import replacement of linkedca
- 60d8b22d Change context retrievers to MustTFromContext
- d51c6b7d Make step handler backward compatible
- 43ddcf2e Do not use deprecated AuthorizeSign
- 02c0ae81 Allow KMS type to be specified in the helm chart template if specified on the command line.
- 62d93a64 Apply base context to test of the ca package
- 9147356d Fix linter errors
- a8a42619 Fix authority/admin/api tests
- 2ab7dc6f Fix acme tests.
- ba499eeb Fix acme/api tests.
- 6f9d847b Fix panic in acme/api tests.
- 723c4c14 Merge branch 'master' into herman/allow-deny
- 77893ea5 Change authority policy to use dbPolicy model
- 13173ec8 Fix SCEP GET requests
- 4cb74e7d fix linter warnings
- d82e51b7 Update AllowWildcardNames configuration name
- d1f75f17 Refactor ACME api.
- fddd6f7d Move linker to the acme package.
- 55b0f728 Add context methods for the acme linker.
- 2b7f6931 Change Subject Common Name verification
- bb8d85a2 Fix unit tests - work in progress
- 42435ace Use scep authority from context
- 688f9ceb Add scep authority to context.
- 216d8f0e Handle acme requests with the new api
- d13537d4 Use context in the acme handlers.
- 439cb81b Use admin Route function
- 8bd4e1d7 Inject the acme database in the context
- bd412c9f Add context methods for the acme database
- 0446e823 Add context methods for the authority database
- 00f181de Use contexts in admin api handlers
- 623c2965 Create context methods from admin database
- 88a1bf17 Update to pull request template
- 48e2fabe Add authority.MustFromContext
- d5070ecf Use server BaseContext
- 817af3d6 Fix unit tests on the api package
- c82296b7 Merge pull request #910 from jschlyter/docker_hsm
- a93653ea Use api.Route instead of the caHandler.
- a6b8e65d Retrieve the authority from the context in api methods.
- 900a640f Enable the authority middleware in the server
- 9628fa35 Add methods to store and retrieve an authority from the context.
- 74a6e59b Add tests for ProtoJSON and bad proto messages
- bddd08d4 Remove "proto:" prefix from bad proto JSON messages
- 6e1f8dd7 Refactor policy engines into container
- 2a762064 Fix more PR comments
- 76112c2d Improve error creation and testing for core policy engine
- b91affdd exposing authority configuration for provisioner cli commands
- c1425422 include support for GCP and AWS KMS by default
- df8eca2c space
- 20f5d12b Improve test rigour for reloadPolicyEngines
- 6264e849 Improve policy error handling code coverage
- 3fa96ebf Improve policy errors returned to client
- 66ba6048 start pcscd if installed
- 6ee48ca6 add pcsc-lite
- 221ced5c add Dockerfile for building with HSM support
- a3c51881 Merge branch 'master' into herman/allow-deny
- c40a4d26 Contain policy engines inside provisioner Controller
- ef110a94 Change pointer booleans to regular boolean configuration
- e9f5a1eb Improve policy bad request handling
- b72430f4 Block all APIs when using linked deployment mode
- fb81407d Fix ACME policy comments
- a2cfbe3d Fix (part of) PR comments
- 3424442c Merge pull request #906 from smallstep/install-step-ra-arm5
- a16facec Merge pull request #905 from smallstep/carl/startup-msg-tweak
- 340aa320 We now have an armv5 step-ca build; remove guard clause from RA install script
- 97b64aa8 Cosmetic fix for consistency in the startup messages
- 3eecc4f7 Improve test coverage for reloadPolicyEngines
- 72bbe533 Add additional policy options
- 9a21208f Add deduplication of policy configuration values
- f2f9cb89 Add conditional defaults to policy protobuf request bodies
- 6532c933 Improve read.ProtoJSON bad protobuf body error handling
- 647538e9 Merge branch 'herman/allow-deny' into herman/allow-deny-options
- ad2de162 Merge branch 'master' into herman/allow-deny
- 7f9034d2 Add additional policy options
- def9438a Improve handling of bad JSON protobuf bodies
- 2ca5c017 Fix flaky test behavior for protobuf messages
- ff8cb19b Fix usage of URL in generateAdminToken
- abcad679 Merge branch 'master' into herman/allow-deny
- 82e00334 Remove Adder options
- 8d15a027 Fix if-else linting issue
- 99702d36 Fix case of no authority policy existing
- d6be9450 Merge branch 'master' into herman/allow-deny
- a9f033ec Fix JSON property name for ACME policy
- 30d5d89a Improve test coverage for Policy Admin API
- 256fe113 Improve tests for ACME account policy
- 0bb15e16 Fix missing ACME provisioner option
- 9797b335 Merge branch 'master' into herman/allow-deny
- 034b7943 Merge branch 'master' into herman/allow-deny
- 7df52dbb Add ACME EAB policy
- 679e2945 Disallow name constraint wildcard notation
- 96f4c49b Improve how policy errors are returned and used
- d8776d8f Add K8sSA SSH user policy back
- 5f0dc42b Fix tests on Go 1.18 due to IDNA deviations
- 235a2c9d Pin to specific version of go.step.sm/linkedca
- 5daa9fc0 Merge branch 'master' into herman/allow-deny
- 571b21ab Fix (most) PR comments
- bfa4d809 Improve middleware test coverage
- 6da243c3 Add policy precheck for all admins
- 628d7448 Don't return policy in provisioner JSON
- 2fbdf7d5 Merge branch 'master' into herman/allow-deny
- 0e052fe2 Add authority policy API
- 23676d3b Merge branch 'master' into herman/allow-deny
- b49307f3 Fix ACME order tests with mock ACME CA
- cf34b32e Merge branch 'herman/allow-deny-next' into herman/allow-deny
- 9e0edc7b Add early authority policy evaluation to ACME order API
- c45d177d Merge pull request #847 from smallstep/herman/allow-deny-next
- 613c99f0 Fix linting issues
- dc23fd23 Merge branch 'master' into herman/allow-deny-next
- 6b620c8e Improve protobuf unmarshaling error handling
- 101ca6a2 Check admin subjects before changing policy
- 81b0c6c3 Add API implementation for authority and provisioner policy
- 3ec9a731 Fix ACME order identifier allow/deny check
- 7c541888 Refactor configuration of allow/deny on authority level
- af53a17b Merge branch 'master' into herman/allow-deny
- c3c6f3da Merge branch 'master' into herman/allow-deny
- 88c7b63c Split SSH user and cert policy configuration and execution
- a7eb27d3 Fix URI domains IDNA support
- acd13cb9 Merge branch 'master' of github.com:smallstep/certificates into herman/allow-deny
- c1424036 Merge branch 'master' into herman/allow-deny
- 9617edf0 Improve internationalized domain name handling
- 512b8d67 Refactor instantiation of policy engines
- 066bf320 Fix part of PR comments
- ff08b505 Fix linting issues
- 6440870a Clean up, improve test cases and coverage
- 1e808b61 Merge logic for X509 and SSH policy
- 6bc30133 Improve test case and code coverage
- 91d51c2b Add allow/deny to Nebula provisioner
- d9c56d67 Merge branch 'master' into herman/allow-deny
- 6bc05134 Add more tests
- 9539729b Add initial implementation of x509 and SSH allow/deny policy engine
Thanks!
Those were the changes on v0.20.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.19.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.19.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 605a9590 [action] attempt to pin goreleaser version
- 27b3d82f [action] goamd64 another attempt at fix
- 18ca6606 [action] issue uploading to scoop - attempt setting goamd64
- ddac3b25 Merge pull request #904 from smallstep/herman/changelogs-20220419
- 714b5e61 Fix
step->step-ca
Thanks!
Those were the changes on v0.19.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.3-rc4_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.3-rc4_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d6ce35a1 [action] attempt to pin goreleaser version
Thanks!
Those were the changes on v0.18.3-rc4!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.2_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- bf8155f Merge pull request #840 from smallstep/changelog/PR829
- b64d1e1 Add entry in changelog.
- 15b1049 Fix json tag for Azure.ObjectIDs.
- 6f46cdb Merge pull request #829 from vijayjt/new-azure-token-authz-options
- 18d99b9 Merge pull request #838 from smallstep/max/validate-provisioner-before-store
- 51210df changelog update
- a79d4af change return value of generateProvisionerConfig to value
- 6030f8b Validate provisioner configuration before storing in DB
- 7a32c31 Update linkedca dependency version
- b128e37 Add SubscriptionIDs and ObjectIDs to provisioner-linkedca conversion functions
- 4a10f2c Rename new fields as per feedback to remove AAD from the name
- dedd136 Merge pull request #831 from smallstep/max/psql
- 9d885e6 bump nosql for postgres support
- 8b68bed Add support for validation of certificate requests using Azure subscription and AAD object IDs. See #735
- c178863 Merge pull request #828 from smallstep/update-changelog
- 3a5312c Add support for
AuthorizationCrtin changelog. - 28af606 Merge pull request #827 from smallstep/x5c-template
- abe951d Fix name of the variable in comment.
- a0cf808 Make the X5C leaf certificate available to the templates.
- 1d09d14 Merge pull request #826 from smallstep/herman/changelogs-20220215
- af17b6a Make copyright year dynamic
- 0b33784 Update changelog
- 4ebf43c Merge pull request #820 from smallstep/herman/acme-api
- 5b713a5 Change CM link
- 5cb23c6 Merge pull request #804 from smallstep/herman/normalize-ipv6-dns-names
- d00729d Refactor ACME Admin API
- 588c72c Merge pull request #817 from Cpcrook/chore/#816-provisioner-decryption-error-messaging
- 11637b5 Add descriptive provisioner JWK decryption error messages
- 039d245 changelog update
- bfa2245 Merge branch 'master' into herman/normalize-ipv6-dns-names
- e887cca Ensure the CA TLS certificate represents IPv6 DNS names as IP in cert
- 1fe7362 Normalize IPv6 addresses in ACME linker
- 716b946 Normalize IPv6 hostname addresses
Thanks!
Those were the changes on v0.18.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 5f4ac5b Fix broken test due to linter fix
- 62690ab Fix linting errors and pin linter version in release action
Thanks!
Those were the changes on v0.18.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] over 2 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1-rc3_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1-rc3_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 5f4ac5b Fix broken test due to linter fix
- 62690ab Fix linting errors and pin linter version in release action
Thanks!
Those were the changes on v0.18.1-rc3!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] almost 3 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.1-rc1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.1-rc1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 8fee970 Merge pull request #779 from smallstep/herman/acme-cli-user-agent
- 07addd0 Fix linting issue
- a68208a Set Step CLI User-Agent when performing ACME requests
- 8473164 Merge pull request #773 from smallstep/herman/ip-sans-improvements
- a5f2f00 Change name of IP Common Name test for clarity
- 80bebda Fix code style issue
- f7c1a32 Merge pull request #777 from smallstep/pkcs11-decrypter
- d5c6572 Fix typo.
- 5a32401 Implement the kms.Decrypter with PKCS#11
- ab44fbf Merge pull request #774 from smallstep/cm-roots
- 2c63abc fix grammar
- 7c4e6dc Remove duplicated code in bootstrap methods
- 64c19d4 Fix subject in test, use ip
- b0b2e77 Avoid doing unauthenticated requests on the SDK
- bc0875b Disallow email address and URLs in the CSR
- 13a31fd Merge branch 'master' into herman/ip-sans-improvements
- ca707cb Fix linting
- a5d3351 Fix test
- a2c9b5c Allow IP identifiers in subject, including authorization enforcement
- fbd3fd2 Merge pull request #625 from hslatman/hs/acme-revocation
- 00539d0 Add changelog entry for ACME revocation
- 3bc3957 Merge branch 'master' into hs/acme-revocation
- 0524122 Remove authorization flow for different Account private keys
- 53ebd85 Update star gif size
- c0255b7 Update star gif
- accb071 Star gif
- 94afec7 Merge pull request #758 from smallstep/errors-forbidden
- e0fee84 Add comment about public key validator.
- 0cebde3 Change fallback message on RekeySSH.
- 004fc05 Fix PR comments
- 9fd147f Change error message.
- 47a8a3c Add test case for ACME Revoke to Authority
- 06bb97c Add logic for Account authorizations and improve tests
- bae1d25 Improve tests for JWK vs. KID revoke auth flow
- a7fbbc4 Add tests for GetCertificateBySerial
- 4d01cf8 Increase test code coverage
- 2d357da Add tests for ACME revocation
- ed295ca Fix linting issue
- c9cd876 Merge branch 'master' into hs/acme-revocation
- 78acf35 Merge pull request #753 from scattered-network/docker-compose-go-mod-updates
- d35848f Fix unit tests.
- c3f98fd Change some bad requests to forbidded.
- cbb0f40 Revert "Update Go Modules: Fixes Docker Example"
- 3c5d1c9 Use smallstep/small-cli as base image, remove step cli build
- ff04873 Change the default error type to forbidden in Sign.
- b9beab0 Fix unit tests.
- 507a272 Return always http errors in sign options.
- d83ca96 Fixes #757
- a33709c Fix sign ssh options tests.
- 1da7ea6 Return always http errors in sign ssh options.
- 031d4d7 Return BadRequest when validating sign options.
- a067b3a Add a note about reload-or-try-restart in systemd
- bb26799 Modify errs.Wrap with forbidden errors.
- b5db3f5 Modify errs.ForbiddenErr to always return an error to the cli.
- 4f84cef Merge pull request #752 from smallstep/errors-bad-request
- d925bc6 Fix systemd renewer to use sh
- 11a1297 Update Go Modules: Fixes Docker Example
- 2d50c96 Merge branch 'master' into hs/acme-revocation
- aa3fdf8 Do not overwrite errors.
- b6ebd11 Update temporal solution for sending message to users
- 668d3ea Modify errs.Wrap() with bad request to send messages to users.
- 8c8db0d Modify errs.BadRequestErr() to always return an error to the client.
- 8ce807a Modify errs.BadRequest() calls to always send an error to the client.
- 8d229b9 update commented template names to match reality
- 9187805 Merge pull request #741 from gdbelvin/ssh
- febb619 Add some extra validation and print certificate objects
- bbb327c Make a csr if there's not a root
- 29f5a35 simplify flags
- 29f9730 Satisfy golangci-lint
- 42f56d6 Set golangci-lint version to v1.41.0 instead of latest
- 023c64c Merge branch 'master' into hs/acme-revocation
- c7a9c13 Add tests for extractOrLookupJWK middleware
- 3151255 Merge branch 'master' into hs/acme-revocation
- a4cfb66 Merge branch 'master' into hs/acme-revocation
- 258efca Improve revocation authorization
- 97165f1 Fix test mocking for CreateCertificate
- 2b15230 Add Serial to Cert ID ACME table and lookup
- 8f7e700 Merge branch 'master' into hs/acme-revocation
- 16fe07d Fix mockSignAuth
- 0e56932 Add support for revocation using JWK
- 84e7d46 Improve handling of ACME revocation
- d53bcaf Add base logic for ACME revoke-cert
Thanks!
Those were the changes on v0.18.1-rc1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Published by github-actions[bot] almost 3 years ago
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.18.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.18.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
fca7de6 changelog update for 0.18.0
de2ce5c Merge pull request #692 from smallstep/max/context
440616c Merge pull request #750 from smallstep/duration-errors
acd0bac Remove extra and in comment.
1aadd63 Use always badRequest on duration errors.
df28436 [action] only run codecov for go 1.17
41fec15 Report duration errors directly to the cli.
7fac8c9 Merge branch 'master' into max/context
0a53af9 Merge pull request #742 from hslatman/hs/fix-golangci-lint-1.43.0
196f6b4 bump cli-utils to 0.7.0
b5bf79b bump nosql library
5554314 bump version ofcli-utils
922d239 Simplify conditional
a7d1449 SSH backwards compat updates
d37313b Use 0600 for profile defaults file.
507be61 Use a more distint map key to indicate template version
f426c15 backwards compatibility for version of cli older than v0.18.0
c80a64d ssh/step_config.tpl context flag in wrong spot
fcc1517 Rename templates and create profileConfig dir ahead of time.
43cba99 PR fixes
3e9830e Use profileDefaults in PKI
c8560b4 updated method name in cli-utils
9d4a7cf Update includes template to use STEPPATH as the replace var
74eea88 Replace Fragment template with Line
da74fa2 Rename FullSnippet to Fragment and remove unused replace in go.mod
b080b75 Template updates to support multiple SSH include snippets
d777fc2 Add ca.WithInsecure and use methods for file names
e5951fd Use methods in the step package
ed4b567 updates after rebase to keep up with master
7eeebca Enable step path contexts in identity and pki paths
10db335 mv pkg config -> step
741ac64 change name of package cli-utils/config to cli-utils/step
2c05f48 Remove support for Go 1.15
e7a988b Pin golangci-lint to v1.43.0 and fix issues
62a20c7 Upgrade cli-utils with latest version of promptui
24a6900 Merge pull request #613 from gdbelvin/extractable
91fb57e Add entry to changelog.
7ec1424 Fix help.
8366b7d Revert "Remove extractable from StoreCertificate."
614ee79 Remove extractable from StoreCertificate.
fa11e82 Add tests with extractable property.
886b9a1 Store the certificate passed.
aa80bf9 Merge branch 'smallstep_master' into extractable
6be383d Refactor pkcs#11 extractable certs and keys.
d68090e Merge pull request #729 from smallstep/funcmap
cb4a2a5 Use the same method to return the templating functions.
cf4944e Merge pull request #728 from smallstep/env
9958e06 Replace promptui with apache-compatible fork.
0f63d43 Remove sprig "env" and "expandenv" functions.
0927e0d Upgrade go.step.sm/crypto dependency
b7d4b48 Merge pull request #724 from smallstep/sign-with-retry
bef50bd Fix typo in variable name.
ead394f Add strategy to retry the sign operation if the key is not yet ready
66a8158 Update README.md
22b471a Extractable certs
be89459 Set key export bit
Thanks!
Those were the changes on v0.18.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
