-
Notifications
You must be signed in to change notification settings - Fork 539
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Yubikey management CLI #213
Conversation
bd3edd1
to
ef42693
Compare
Removing the WIP! This is good to go. Wee can track the remaining TODOs (including actual signing support) in #108 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!! 🗝️ 💯
"testing" | ||
|
||
// Import the functions directly for testing. | ||
. "github.com/sigstore/cosign/cmd/cosign/cli/pivcli" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cool i haven't seen this before!
Signed-off-by: Dan Lorenc <dlorenc@google.com>
* fix(SECURESIGN-1179): include version metadata The konflux build does not include all the necessary metadata for the `cosign version` command. This change should ensure that the command produces the correct information. Signed-off-by: Lance Ball <lball@redhat.com> * chore: remove k8s v1.24 from e2e tests The upstream has completely refactored the e2e tests. We have not pulled those changes in due to the fact that they haven't been included in a released version yet. However, since the last pull from upstream, k8s v1.24 is no longer supported in the version of kind being used in the tests. This commit removes that version from the tests but otherwise leaves them unchanged. Signed-off-by: Lance Ball <lball@redhat.com> * chore: update image for whitespace check Signed-off-by: Lance Ball <lball@redhat.com> --------- Signed-off-by: Lance Ball <lball@redhat.com>
This adds a new set of subcommands for working with PIV tokens. They currently live under:
cosign piv-tool
Right now we have:
cosign piv-tool set-management-key
cosign piv-tool set-puk
cosign piv-tool set-pin
cosign piv-tool unblock
cosign piv-tool generate-key
cosign piv-tool attestation
They seem to work pretty well! Before merging, I want to do a bit more work on the UX itself, including:
Then a "nice to have" would be a way to disable OTP on the keys :) They get angry whenacciccccccrikcvulenljchtvbbetejhevulebrvbrrkrkevdentally pressed.
Also, tests and stuff probably.
Signed-off-by: Dan Lorenc dlorenc@google.com