gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 19:01:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ec3258ea0b0823569f266316286e3fae6c0f78a3
certctl/docs
T
History
Shankar ec3258ea0b docs(est): document CERTCTL_EST_PROFILES + per-profile env-var family (G-3 fix) 
The Phase 1 commit (c03ea51) introduced 11 new CERTCTL_EST_PROFILE_*
env vars + the CERTCTL_EST_PROFILES list-trigger but did not document
them in docs/features.md. CI's G-3 docs-drift guard correctly flagged
the gap.

This commit adds 11 rows to docs/features.md::EST Server (RFC 7030)
covering every new env var with its phase reference, default, and
cross-check semantics. Each row includes a forward pointer to the
phase that wires the corresponding behavior:

  - CERTCTL_EST_PROFILES (Phase 1 dispatch)
  - CERTCTL_EST_PROFILE_<NAME>_ISSUER_ID (Phase 1)
  - CERTCTL_EST_PROFILE_<NAME>_PROFILE_ID (Phase 1)
  - CERTCTL_EST_PROFILE_<NAME>_ENROLLMENT_PASSWORD (Phase 3)
  - CERTCTL_EST_PROFILE_<NAME>_MTLS_ENABLED (Phase 2)
  - CERTCTL_EST_PROFILE_<NAME>_MTLS_CLIENT_CA_TRUST_BUNDLE_PATH (Phase 2)
  - CERTCTL_EST_PROFILE_<NAME>_CHANNEL_BINDING_REQUIRED (Phase 2 / RFC 9266)
  - CERTCTL_EST_PROFILE_<NAME>_ALLOWED_AUTH_MODES (Phases 2+3)
  - CERTCTL_EST_PROFILE_<NAME>_RATE_LIMIT_PER_PRINCIPAL_24H (Phase 4)
  - CERTCTL_EST_PROFILE_<NAME>_SERVERKEYGEN_ENABLED (Phase 5)

Verified locally: G-3 guard's defined-vs-documented diff for
CERTCTL_EST_* is now empty.

Spec preserved at cowork/est-rfc7030-hardening-prompt.md.
2026-04-29 22:28:48 +00:00
..
screenshots
fix(security): TICKET-009 add HTTP timeouts to notifier clients
2026-03-27 21:33:31 -04:00
architecture.md
refactor(scep-gui): rebrand SCEP admin surface to per-profile tabbed interface (Profiles + Intune + Recent Activity)
2026-04-29 17:46:42 +00:00
certctl-for-cert-manager-users.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
compliance-nist.md
Unify API auth + RFC-compliant CRL/OCSP (M-002 + M-003 + M-006, auto-closes M-001)
2026-04-18 18:17:41 +00:00
compliance-pci-dss.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
compliance-soc2.md
docs: reconcile scheduler topology across sibling docs (7 → 12 loops)
2026-04-20 02:51:34 +00:00
compliance.md
fix(bundle-6): Audit Integrity + Privacy — 3 audit findings closed
2026-04-26 00:26:44 +00:00
concepts.md
docs: README + concepts + features reflect CRL/OCSP responder bundle
2026-04-29 03:20:44 +00:00
connectors.md
fix(scep-intune): close 11 audit gaps from 2026-04-29 pre-tag review
2026-04-29 20:28:53 +00:00
crl-ocsp.md
docs: CRL/OCSP user guide + architecture cross-reference — Phase 6
2026-04-29 03:09:13 +00:00
database-tls.md
Bundle B: Auth & transport surface tightening — 5 findings closed
2026-04-26 23:09:10 +00:00
demo-advanced.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
examples.md
docs(README,features,examples): replace stale source counts with rebuild commands (S-1 master)
2026-04-25 16:26:44 +00:00
features.md
docs(est): document CERTCTL_EST_PROFILES + per-profile env-var family (G-3 fix)
2026-04-29 22:28:48 +00:00
legacy-est-scep.md
refactor(scep-gui): rebrand SCEP admin surface to per-profile tabbed interface (Profiles + Intune + Recent Activity)
2026-04-29 17:46:42 +00:00
mcp.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
migrate-from-acmesh.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
migrate-from-certbot.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
openapi.md
v2.0.47: HTTPS Everywhere — TLS-only control plane, agents/CLI/MCP
2026-04-20 03:43:10 +00:00
qa-test-guide.md
Bundle Q (Coverage Audit Closure): property-based pilot + hygiene — L-001/L-002/L-003/L-004/I-001 closed
2026-04-27 18:36:47 +00:00
quickstart.md
fix(db): emit volume-state guidance on postgres auth failure (U-1, #10)
2026-04-24 23:21:26 +00:00
scep-intune.md
fix(scep-intune): close 11 audit gaps from 2026-04-29 pre-tag review
2026-04-29 20:28:53 +00:00
security.md
Bundle G: Final audit closure — L-004 + D-003/4/5/7 closed; 54/55 + 7/7
2026-04-27 02:27:44 +00:00
test-env.md
v2.0.48: swap self-signed TLS bootstrap algorithm ed25519 → ECDSA-P256
2026-04-20 04:17:05 +00:00
testing-guide.md
Bundle P.2-extended CI follow-up: rephrase aspirational env-var references to fix G-3 guard
2026-04-27 19:16:19 +00:00
testing-strategy.md
Bundle G: Final audit closure — L-004 + D-003/4/5/7 closed; 54/55 + 7/7
2026-04-27 02:27:44 +00:00
tls.md
Bundle D: Documentation & transparency sweep — 8 findings closed
2026-04-27 00:47:15 +00:00
upgrade-to-tls.md
v2.0.48: swap self-signed TLS bootstrap algorithm ed25519 → ECDSA-P256
2026-04-20 04:17:05 +00:00
upgrade-to-v2-jwt-removal.md
fix(security,config): remove unimplemented JWT auth-type, close silent downgrade (G-1)
2026-04-25 00:22:23 +00:00
why-certctl.md
Update LICENSE metadata
2026-04-26 23:29:59 +00:00