by dcow
2175 days ago
Smallstep also offers an open source SSH-aware, KMS-backed certificate authority. https://github.com/smallstep/certificates

One nice advantage is its support for different provisioning flows. The OAuth flavor allows you to hook into an existing identity provider to authenticate certificate requests. Simply:

  $ step ssh login

and boom you've got a short-lived SSH certificate in your ssh-agent using a private key that never touched the disk.
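To check that a certificate like the one described in the comment above really is short-lived, this added example (not part of the comment and not Smallstep's code) parses the one-line OpenSSH certificate format and reads its principals and validity window. The function names, the constructed sample and the 24-hour threshold are assumptions; the signature is not verified here.

```python
import base64
import struct

# Key-specific fields between the nonce and the serial, per OpenSSH PROTOCOL.certkeys.
KEY_FIELDS = {
    "ssh-ed25519-cert-v01@openssh.com": 1,          # pk
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,  # curve, public_key
    "ssh-rsa-cert-v01@openssh.com": 2,              # e, n
}
FOREVER = 0xFFFFFFFFFFFFFFFF  # valid_before value meaning "never expires"

def read_string(buf, off):
    """Read one length-prefixed SSH string; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def parse_cert(line):
    """Parse a '-cert.pub' style line into the fields that bound its use."""
    blob = base64.b64decode(line.split()[1])
    ktype, off = read_string(blob, 0)
    if ktype.decode() not in KEY_FIELDS:
        raise ValueError("not a supported certificate type: " + ktype.decode())
    _, off = read_string(blob, off)                  # nonce
    for _ in range(KEY_FIELDS[ktype.decode()]):      # skip public key material
        _, off = read_string(blob, off)
    serial, cert_type = struct.unpack_from(">QI", blob, off)
    key_id, off = read_string(blob, off + 12)
    plist, off = read_string(blob, off)
    principals, p = [], 0
    while p < len(plist):                            # principals are nested strings
        name, p = read_string(plist, p)
        principals.append(name.decode())
    after, before = struct.unpack_from(">QQ", blob, off)
    return {"key_id": key_id.decode(), "principals": principals,
            "valid_after": after, "valid_before": before}

def is_short_lived(cert, max_seconds=24 * 3600):
    """True if the validity window is finite and within the assumed policy limit."""
    return (cert["valid_before"] != FOREVER
            and cert["valid_before"] - cert["valid_after"] <= max_seconds)

def pack_string(b):
    return struct.pack(">I", len(b)) + b

def sample_line(after, before):
    """Constructed, unsigned ed25519 certificate prefix for the demo (not a real cert)."""
    t = b"ssh-ed25519-cert-v01@openssh.com"
    blob = (pack_string(t) + pack_string(b"\0" * 32) + pack_string(b"\1" * 32)
            + struct.pack(">QI", 1, 1) + pack_string(b"alice@example.com")
            + pack_string(pack_string(b"alice")) + struct.pack(">QQ", after, before))
    return t.decode() + " " + base64.b64encode(blob).decode() + " alice@example.com"
```

A certificate with `valid_before` set to the all-ones value never expires, which is why `is_short_lived` rejects it regardless of the threshold.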