sign_ssh_keys: Add hook to sign SSH host cert
The *POST /sshkeys/sign* operation accepts a host name and a list of SSH host public keys and returns a signed SSH host certificate for each key. It uses the `step ssh certificate` command to sign the certificates, which in turn contacts the configured *step-ca* service. This operation will allow hosts to obtain their initial certificates. Once obtained, the certificates can be renewed directly using the `step ssh renew` command with the SSH private keys themselves for authentication.
@@ -17,9 +17,12 @@ RUN --mount=type=cache,target=/var/cache/apt \
|
||||
RUN --mount=from=build,source=/tmp/build/dist,target=/tmp/wheels \
|
||||
python3 -m pip install -f /tmp/wheels \
|
||||
dch_webhooks \
|
||||
python-multipart \
|
||||
uvicorn \
|
||||
&& :
|
||||
|
||||
COPY --from=docker.io/smallstep/step-cli:0.25.0 /usr/local/bin/step /usr/local/bin/step
|
||||
|
||||
USER 1000:1000
|
||||
|
||||
CMD ["tini", "/usr/local/bin/uvicorn", "dch_webhooks:app"]
|
||||
|
||||
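Review bot: The `COPY --from=docker.io/smallstep/step-cli:0.25.0` line references the step-cli image by tag only, and a registry tag can be re-pointed at different content after this is merged. Because the copied `/usr/local/bin/step` binary is what requests signatures for SSH host certificates from step-ca, consider pinning the image by digest as well, for example `docker.io/smallstep/step-cli:0.25.0@sha256:<digest>` (placeholder, to be filled with the digest you have verified), so that rebuilds always get the same binary. In the same hunk, `python-multipart` and `uvicorn` are installed without version constraints in the `pip install` line; a constraints file or explicit versions would make the image reproducible.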