mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 14:21:37 +00:00
docs(readme): quiet the Status block
The previous version crammed 5 bold-emphasized inline links plus inline code into a single paragraph — visually loud and hard to scan. Rewrite as two short paragraphs:

- First paragraph: what's production-quality + what's still maturing. No links, em-dash cadence for breathing room.
- Second paragraph: v2.1.0 OIDC + sessions + break-glass slice with a single issue-link tail.

Drops the bold-link sandwich in favor of plain prose; the doc-nav table directly below handles per-doc routing. Same content, same early-access framing, far less visual noise.
@@ -13,7 +13,9 @@ certctl is a self-hosted platform that automates the entire TLS certificate life
|
||||
|
||||
The CA/Browser Forum's [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) caps public TLS certificates at **200 days by March 2026**, **100 days by 2027**, and **47 days by 2029**. At 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever. Manual workflows stop being a choice.
|
||||
|
||||
> **Status: Early-access.** Production-quality core (Local CA, ACME, agent deployment, CRUD, audit, [role-based authz](docs/operator/rbac.md) with auditor split + day-0 bootstrap + four-eyes approval) with broader feature surface (intermediate CA hierarchy, ACME/SCEP/EST servers, network appliances) still maturing. **v2.1.0 ships [federated identity](docs/operator/oidc-runbooks/index.md) in early-access:** OIDC SSO (Keycloak, Authentik, Okta, Auth0, Entra ID, Google Workspace), HMAC-signed server-side sessions with `__Host-` cookies + CSRF rotation, [RFC OIDC Back-Channel Logout](docs/reference/auth-standards-implemented.md), and Argon2id [break-glass admin](docs/operator/security.md). Lab and dev deployments encouraged; production deployments welcome with the understanding that customer-scale battle-testing is in progress. **[Open a GitHub issue](https://github.com/certctl-io/certctl/issues) for any rough edges** — especially in the new federated-identity surface, where real-world IdP shapes surface fast.
|
||||
> **Status: Early-access.** Production-quality core — Local CA, ACME, agent deployment, CRUD, audit, role-based authz (auditor split + day-0 bootstrap + four-eyes approval). Broader surface — intermediate CA hierarchy, ACME/SCEP/EST servers, network appliances — still maturing.
|
||||
>
|
||||
> v2.1.0 ships federated identity in early-access: OIDC SSO across Keycloak, Authentik, Okta, Auth0, Entra ID, and Google Workspace; HMAC-signed server-side sessions with `__Host-` cookies and CSRF rotation; OIDC Back-Channel Logout; Argon2id break-glass admin. Lab and dev deployments encouraged; production welcomed with the understanding that customer-scale battle-testing is in progress — please [file issues](https://github.com/certctl-io/certctl/issues) on the federated-identity surface, where real-world IdP shapes surface fast.
|
||||
|
||||
> **Actively maintained, shipping weekly.** [Open an issue](https://github.com/certctl-io/certctl/issues) if something breaks. CI runs the full test suite with race detection, static analysis, and vulnerability scanning on every commit.
|
||||
|
||||
|
||||
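Review bot: the rewritten Status block drops all four inline doc links that the old paragraph carried (docs/operator/rbac.md, docs/operator/oidc-runbooks/index.md, docs/reference/auth-standards-implemented.md, docs/operator/security.md), and the doc-nav table the commit message relies on for routing is outside this hunk. Please confirm each of those four targets is reachable from that table, in particular the OIDC runbooks and the break-glass admin page, since the second paragraph asks operators to try the federated-identity surface and they will look for setup and recovery docs from here; otherwise keep one link on "federated identity". Separately, the new "file issues" link and the "Open an issue" link in the unchanged "Actively maintained" line point at the same URL two paragraphs apart; one of them could go.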