CreateFirstProvisioner creates and stores the first provisioner when using admin database provisioner storage.

FromContext returns the current authority from the given context.

IsValidForAddUser checks if a user provisioner certificate can be issued to the given certificate.

MustFromContext returns the current authority from the given context.

New creates and initiates a new Authority type.

NewContext adds the given authority to the context.

NewContextWithSkipTokenReuse creates a new context from ctx and attaches a value to skip the token reuse.

NewEmbedded initializes an authority that can be embedded in a different project without the limitations of the config.

NewTokenContext adds the given token to the context.

ProvisionerToCertificates converts the linkedca provisioner type to the certificates provisioner interface.

ProvisionerToLinkedca converts a provisioner.Interface to a linkedca.Provisioner type.

SkipTokenReuseFromContext returns if the token reuse needs to be ignored.

TokenFromContext returns the token from the given context.

ValidateClaims validates the Claims type.

ValidateDurations validates the Durations type.

WithAdminDB is an option to set the database backing the admin APIs.

WithAuthorizeRenewFunc sets a custom function that authorizes the renewal of an X.509 certificate.

WithAuthorizeSSHRenewFunc sets a custom function that authorizes the renewal of a SSH certificate.

WithConfig replaces the current config with the given one.

WithConfigFile reads the given filename as a configuration file and replaces the current one.

WithDatabase sets an already initialized authority database to a new authority.

WithFullSCEPOptions defines the options used for SCEP support.

WithGetIdentityFunc sets a custom function to retrieve the identity from an external resource.

WithIssuerPassword set the password to decrypt the certificate issuer private key used in RA mode.

WithKeyManager defines the key manager used to get and create keys, and sign certificates.

WithLinkedCAToken is an option to set the authentication token used to enable linked ca.

WithMeter is an option that sets the authority's [Meter] to the provided one.

WithPassword set the password to decrypt the intermediate key as well as the ssh host and user keys if they are not overridden by other options.

WithProvisioners is an option to set the provisioner collection.

WithQuietInit disables log output when the authority is initialized.

WithSCEPKeyManager defines the key manager used on SCEP provisioners.

WithSkipInit is an option that allows the constructor to skip initializtion of the authority.

WithSSHBastionFunc sets a custom function to get the bastion for a given user-host pair.

WithSSHCheckHost sets a custom function to check whether a given host is step ssh enabled.

WithSSHGetHosts sets a custom function to return a list of step ssh enabled hosts.

WithSSHHostPassword set the password to decrypt the key used to sign SSH host certificates.

WithSSHHostSigner defines the signer used to sign SSH host certificates.

WithSSHUserPassword set the password to decrypt the key used to sign SSH user certificates.

WithSSHUserSigner defines the signer used to sign SSH user certificates.

WithTransportWrapper sets the transport wrapper of the authority to the provided one or, in case that one is nil, to a noop one.

WithWebhookClient sets the http.Client to be used for outbound requests.

WithX509CAService allows the consumer to provide an externally implemented API implementation of apiv1.CertificateAuthorityService.

WithX509Enforcers is an option that allows to define custom certificate modifiers that will be processed just before the signing of the certificate.

WithX509FederatedBundle is an option that allows to define the list of federated certificates.

WithX509FederatedCerts is an option that allows to define the list of federated certificates.

WithX509IntermediateCerts is an option that allows to define the list of intermediate certificates that the CA will be using.

WithX509RootBundle is an option that allows to define the list of root certificates.

WithX509RootCerts is an option that allows to define the list of root certificates to use.

WithX509Signer defines the signer used to sign X509 certificates.

WithX509SignerChain defines the signer used to sign X509 certificates.

WithX509SignerFunc defines the function used to get the chain of certificates and signer used when we sign X.509 certificates.

SSHAddUserCommand is the default command to run to add a new user.

SSHAddUserPrincipal is the principal that will run the add user command.

DefaultTLSOptions is an alias to support older APIs.

GlobalVersion stores the version information of the server.

LoadConfiguration is an alias to support older APIs.

Authority implements the Certificate Authority internal interface.

CertificateRevocationListInfo contains a CRL in DER format and associated metadata.

Claims extends jose.Claims with step attributes.

Info contains information about the authority.

RevokeOptions are the options for the Revoke API.

Version defines the.

Meter wraps the set of defined callbacks for metrics gatherers.

ASN1DN is an alias to support older APIs.

AuthConfig is an alias to support older APIs.

Bastion is an alias to support older APIs.

CipherSuites is an alias to support older APIs.

Config is an alias to support older APIs.

Host is an alias to support older APIs.

HostTag is an alias to support older APIs.

Option sets options to the Authority.

SSHConfig is an alias to support older APIs.

SSHKeys is an alias to support older APIs.

SSHPublicKey is an alias to support older APIs.

TLSOptions is an alias to support older APIs.

Wrapper wraps the set of functions mapping [http.Transport] references to [http.RoundTripper].