Skip to content

Commit

Permalink
Update changelog with --ca-kms and --skip-csr-signature
Browse files Browse the repository at this point in the history
  • Loading branch information
@hslatman
hslatman committed Aug 9, 2023
1 parent fd609e9 commit ce5c69a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Detect OIDC tokens issued by Kubernetes (smallstep/cli#953).
- Add support for Smallstep Managed Endpoint X509 extension
(smallstep/cli#989).
- Support signing a certificate for a private key that can only be used for encryption with the `--skip-csr-signature` flag in `step certificate create`. Some KMSs restrict key usage to a single type of cryptographic operation. This blocks RSA decryption keys from being used to sign a CSR for their public key. Using the `--skip-csr-signature` flag, the public key is used directly with a certificate template, removing the need for the CSR signature.

### Changed

- Increase PBKDF2 iterations to 600k (smallstep/cli#949).
- `--kms` flag is no longer used for the CA (signing) key for `step certificate create`. It was replaced by the `--ca-kms` flag (smallstep/cli#942).

### Fixed

Expand Down

0 comments on commit ce5c69a

Please sign in to comment.