From 347bb0c40be1d85dbea222e9a0a3067bf25359c5 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 28 Nov 2023 16:33:07 -0800 Subject: [PATCH] Add --ca-kms flags to KMS examples --- step-ca/configuration.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/step-ca/configuration.mdx b/step-ca/configuration.mdx index 9d46472d..bf53ee02 100644 --- a/step-ca/configuration.mdx +++ b/step-ca/configuration.mdx @@ -611,6 +611,7 @@ $ step kms create --json --kms 'cloudkms:' \ 'projects/smallstep/locations/global/keyRings/step-ca/cryptoKeys/intermediate' $ step certificate create --profile intermediate-ca \ --kms 'cloudkms:' \ + --ca-kms 'cloudkms:' \ --ca root_ca.crt \ --ca-key 'projects/smallstep/locations/global/keyRings/step-ca/cryptoKeys/root/cryptoKeyVersions/1' \ --key 'projects/smallstep/locations/global/keyRings/step-ca/cryptoKeys/intermediate/cryptoKeyVersions/1' \ @@ -742,6 +743,7 @@ Great. Next, we'll repeat the process for the Intermediate CA: $ step kms create --json --kms 'awskms:region=us-east-2' intermediate-ca $ step certificate create --profile intermediate-ca \ --kms 'awskms:region=us-east-2' \ + --ca-kms 'awskms:region=us-east-2' \ --ca root_ca.crt \ --ca-key 'awskms:key-id=78980acd-a42d-4d84-97ba-1e50d3082214' \ --key 'awskms:key-id=9432458d-1e67-4a74-9a23-8f94708b45fe' \ @@ -974,6 +976,7 @@ Great. Next, we'll repeat the process for the Intermediate CA: $ step kms create --json --kms "$PKCS_URI" "pkcs11:id=7332;object=intermediate-ca" $ step certificate create --profile intermediate-ca \ --kms "$PKCS_URI" \ + --ca-kms "$PKCS_URI" \ --ca root_ca.crt \ --ca-key "pkcs11:id=7331;object=root-ca" \ --key "pkcs11:id=7332;object=intermediate-ca" \ @@ -1118,6 +1121,7 @@ Great. Next, we'll repeat the process for the Intermediate CA: $ step kms create --json 'yubikey:slot-id=83' $ step certificate create --profile intermediate-ca \ --kms 'yubikey:pin-value=123456' \ + --ca-kms 'yubikey:pin-value=123456' \ --ca root_ca.crt \ --ca-key 'yubikey:slot-id=82' \ --key 'yubikey:slot-id=83' \