github 7ritn/VaulTLS v0.10.0

8 hours ago

v0.10.0

While I wish this were the 1.0.0 release, I just felt VaulTLS was at a point where I would like to call it that. Life has been very busy, so finding time has become way harder.

SSH Certificates

Anyway, this release's focus is on SSH certificates. While not envisioned by me initially, demand seemed to be there.

  • Add SSH CAs:
    • OpenSSH uses a significantly simpler PKI. The CA is a key pair used to sign SSH certificates.
    • The downloadable CA file is thus just a public key that can be integrated with your SSH clients.
    • The CA also does not cryptographically expire.
    • To use SSH certs, please generate an SSH CA in the Certificate Authorities tab.
  • Add SSH Certificates:
    • The certs consist of a public certificate and a private key.
    • Since OpenSSH does not have a PKCS#12-like cert-key bundle option, downloading a user cert from VaulTLS gives a ZIP file including both files.
    • During creation, principals can be specified that limit the applicability of a specific cert (such as to a specific user or host).
    • While technically possible, as of right now, SSH certificates cannot be automatically renewed.
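
Since SSH certs are not renewed automatically and principals decide where a cert applies, it helps to read both fields out of a cert before deploying it. The following is an added example, not VaulTLS code: it parses the OpenSSH certificate wire format (PROTOCOL.certkeys) without verifying the signature, and the function names and sample values are constructed for illustration.

```python
import base64
import struct

# Public-key fields between the nonce and the serial, per certificate type.
KEY_FIELDS = {"ssh-ed25519-cert-v01@openssh.com": 1, "ssh-rsa-cert-v01@openssh.com": 2,
              "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2}

def put(b):
    """Encode one SSH string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def get(buf, off):
    """Decode one SSH string at `off`; return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Extract the reviewable fields from one line of a *-cert.pub file."""
    blob = base64.b64decode(line.split()[1])
    name, off = get(blob, 0)
    fields = KEY_FIELDS.get(name.decode(errors="replace"))
    if fields is None:
        raise ValueError("unsupported certificate type")
    for _ in range(1 + fields):  # skip the nonce and the public key
        _, off = get(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = get(blob, off + 12)
    packed, off = get(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(packed):  # principals are SSH strings packed inside one string
        item, p = get(packed, p)
        principals.append(item.decode())
    return {"type": {1: "user", 2: "host"}.get(ctype, "unknown"), "serial": serial,
            "key_id": key_id.decode(), "principals": principals, "valid": (after, before)}

def usable(cert, principal, now):
    """True if the cert lists `principal` and `now` is in [valid_after, valid_before)."""
    return principal in cert["principals"] and cert["valid"][0] <= now < cert["valid"][1]

def sample_cert():
    """Constructed, unsigned sample: dummy nonce, key and signature bytes."""
    name = b"ssh-ed25519-cert-v01@openssh.com"
    body = (put(name) + put(b"\0" * 32) + put(b"\1" * 32) + struct.pack(">QI", 7, 1)
            + put(b"alice-laptop") + put(put(b"alice") + put(b"deploy"))
            + struct.pack(">QQ", 1700000000, 1700086400)
            + put(b"") * 3 + put(b"ca-key") + put(b"sig"))
    return name.decode() + " " + base64.b64encode(body).decode() + " constructed"
```

For an authoritative view of a real certificate, including its signing CA, `ssh-keygen -L -f <cert file>` prints the same fields.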

Dependencies

This release also includes a bunch of dependency updates. Even if you will not be using SSH certs, please update to this release.
