Skip to content

Commit ade1d6c

Browse files
authored
Merge pull request #320 from smallstep/mariano/go-1.26
Prepare release with Go 1.26
2 parents cf3b866 + f15e989 commit ade1d6c

File tree

3 files changed

+20
-14
lines changed

3 files changed

+20
-14
lines changed

.goreleaser.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@ version: 2
99
variables:
1010
packageName: step-kms-plugin
1111
packageRelease: 1 # Manually update release: in the nfpm section to match this value if you change this
12+
macosTarget: 14.0.0
1213

1314
after:
1415
hooks:
@@ -57,7 +58,9 @@ builds:
5758
env:
5859
- CC=o64-clang
5960
- CXX=o64-clang++
60-
- LD_LIBRARY_PATH=/osxcross/lib
61+
- LD_LIBRARY_PATH=/usr/local/osxcross/lib
62+
- CGO_CFLAGS="-mmacosx-version-min={{ .Var.macosTarget }}"
63+
- CGO_LDFLAGS="-mmacosx-version-min={{ .Var.macosTarget }}"
6164
flags:
6265
- -trimpath
6366
ldflags:
@@ -72,7 +75,9 @@ builds:
7275
env:
7376
- CC=oa64-clang
7477
- CXX=oa64-clang++
75-
- LD_LIBRARY_PATH=/osxcross/lib
78+
- LD_LIBRARY_PATH=/usr/local/osxcross/lib
79+
- CGO_CFLAGS="-mmacosx-version-min={{ .Var.macosTarget }}"
80+
- CGO_LDFLAGS="-mmacosx-version-min={{ .Var.macosTarget }}"
7681
flags:
7782
- -trimpath
7883
ldflags:

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
PKG?=github.com/smallstep/step-kms-plugin
22
BINNAME?=step-kms-plugin
3-
GOLANG_CROSS_VERSION?=v1.25
3+
GOLANG_CROSS_VERSION?=v1.26
44

55
# Set V to 1 for verbose output from the Makefile
66
Q=$(if $V,,@)

README.md

Lines changed: 12 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ It can be used independently, or as a plugin for [`step`](https://github.com/sma
88
99
## Installation
1010

11-
There's two installation options:
11+
There are two installation options:
1212

1313
- The most generic way to install `step-kms-plugin` is to use `go install` to
1414
compile it and install it in your `$GOBIN`, which defaults to `$(go env GOPATH)/bin`.
@@ -27,13 +27,15 @@ add it to your `$PATH` or to `$(step path --base)/plugins`.
2727
The following Key Management Systems (KMSs) are supported, but not all of
2828
them provide the full functionality:
2929

30-
* PKCS #11 modules
31-
* [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/)
32-
* [Amazon AWS KMS](https://aws.amazon.com/kms/)
33-
* [Google Cloud Key Management](https://cloud.google.com/security-key-management)
34-
* [Microsoft Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/)
35-
* [YubiKey PIV](https://developers.yubico.com/PIV/)
36-
* ssh-agent
30+
* PKCS #11 modules (`pkcs11:`)
31+
* Platform KMS using TPM KMS on linux and windows and keychain and Secure Enclave on macOS (`kms:`)
32+
* [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) (`tpmkms:`)
33+
* [Amazon AWS KMS](https://aws.amazon.com/kms/) (`awskms:`)
34+
* [Google Cloud Key Management](https://cloud.google.com/security-key-management) (`cloudkms:`)
35+
* [Microsoft Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/) (`azurekms:`)
36+
* [YubiKey PIV](https://developers.yubico.com/PIV/) (`yubikey:`)
37+
* macOS keychain and Secure Enclave on signed binaries (`mackms:`).
38+
* ssh-agent (`sshagentkms:`)
3739

3840
## Setting up `step-ca`?
3941

@@ -375,7 +377,7 @@ but the private key is not exportable from the YubiKey.
375377
First, create a private key on the YubiKey in slot 9a, and output a CSR:
376378

377379
```
378-
$ step certificate create --csr --kms 'yubikey:pin-value=123456' --key 'yubikey:slot-id=9a' mariano@smallstep.com mariano.csr
380+
$ step certificate create --csr -key 'yubikey:slot-id=9a?pin-value=123456' mariano@smallstep.com mariano.csr
379381
Your certificate signing request has been saved in mariano.csr.
380382
```
381383

@@ -395,12 +397,11 @@ https://accounts.google.com/o/oauth2/v2/auth?...
395397
Finally, import the new certificate into the YubiKey:
396398

397399
```
398-
$ step kms certificate --import mariano.crt --kms 'yubikey:' 'yubikey:slot-id=9a'
400+
$ step kms certificate copy mariano.crt 'yubikey:slot-id=9a'
399401
-----BEGIN CERTIFICATE-----
400402
MIICQjCCAeigAwIBAgIRANfNWEXAMPLE3zJ+jRZ4TbUwCgYIKoZIzj0EAwIwKTEn
401403
...
402404
-----END CERTIFICATE-----
403-
404405
```
405406

406407
Note: To use this client certificate against a server, the server needs to trust the intermediate CA rather than the root CA. That's because YubiKeys only support one certificate per key slot (in this case, the client certificate). On your server, you can either trust the intermediate by itself, or a PEM bundle consisting of the intermediate CA first, then the root CA.

0 commit comments

Comments
 (0)