Back in "Implementation of the Prometheus endpoint (smallstep#1669)" (dd1ff9c) the keyManager was wrapped in another layer, which caused the key that ssh.Signer tries to use to be an agent.Key, which ssh.Signer doesn't really know what to do with. By inspecting the instrumentedKMSSigner to see if it wraps a WrappedSSHSigner we can extract the original signer which works with ssh.Signer and make sshagentkms work again.

Signed-off-by: Anton Lundin <[email protected]>
Name of feature:
Fix sshagentkms
Pain or issue this feature alleviates:
sshagentkms not working after "Implementation of the Prometheus endpoint (#1669)" (dd1ff9c).
Why is this important to the project (if not answered above):
Currently, sshagentkms doesn't work in anything after v0.25.2
Is there documentation on how to use this feature? If so, where?
Yes, this feature already exists, and this just makes it work again.
In what environments or workflows is this feature supported?
When one already has an ssh-certificate signing infrastructure based on ssh-agent and would like to expose that via step, or when one would like to use an HSM which exposes the access to the key via an ssh-agent interface and would like to expose that via step.
In what environments or workflows is this feature explicitly NOT supported (if any)?
Any old step versions between dd1ff9c and master.
Supporting links/other PRs/issues:
None. This is both a bug report and a PR with the fix.
💔Thank you!
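
The failure mode described in the commit message, reduced to a standard-library sketch (an added example, not code from this pull request or from step): a wrapper layer hides the concrete signer type from a type assertion, so the signer falls through to a generic path that rejects its public key, and unwrapping first restores the direct path. `opaqueKey`, `wrappedSigner`, `instrumented`, `Unwrap` and `resolve` are hypothetical names chosen for the illustration.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"fmt"
	"io"
)

// opaqueKey stands in for the agent.Key from the commit message (constructed type).
type opaqueKey struct{}

// wrappedSigner is a hypothetical signer that must be used directly.
type wrappedSigner struct{ name string }

func (wrappedSigner) Public() crypto.PublicKey { return opaqueKey{} }
func (w wrappedSigner) Sign(io.Reader, []byte, crypto.SignerOpts) ([]byte, error) {
	return []byte(w.name), nil
}

// instrumented is a hypothetical metrics layer; embedding forwards Public() and Sign().
type instrumented struct{ crypto.Signer }

func (i instrumented) Unwrap() crypto.Signer { return i.Signer }

// resolve reports which conversion path a signer takes. With unwrap set it
// first peels every layer that exposes Unwrap().
func resolve(s crypto.Signer, unwrap bool) (string, error) {
	for unwrap {
		u, ok := s.(interface{ Unwrap() crypto.Signer })
		if !ok {
			break
		}
		s = u.Unwrap()
	}
	if w, ok := s.(wrappedSigner); ok {
		return "direct:" + w.name, nil
	}
	if _, ok := s.Public().(ed25519.PublicKey); ok {
		return "generic", nil
	}
	return "", fmt.Errorf("unsupported public key type %T", s.Public())
}

func main() {
	s := instrumented{wrappedSigner{name: "agent"}}
	fmt.Println(resolve(s, false)) // type assertion misses, generic path rejects the key
	fmt.Println(resolve(s, true))  // unwrapped first, direct path is taken
}
```

In this sketch the signer returned after unwrapping no longer passes through the wrapper's methods, so anything the outer layer would record on `Sign` is skipped for that signer.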