Please consider how you will control who can obtain host certs for which hostnames before using.
Updated publishing code to build with the latest Amazon Linux 2.
Validated for Python 3.7 Lambda runtime.
Updated dependencies.
Various typo fixes.
0.3.0
5 years ago
Python 3.6 Lambda support
Caching of the KMS decrypted CA Private Key Password.
Compressed CA Private Key support, allowing RSA 4096 keys to be set in the Lambda Environment.
Issue certificates for ED25519 public keys (RSA CA).
New option to validate the remote username against the IAM groups of the calling user.
Updated dependencies.
0.2.0 - June 7, 2017
Several changes have been made to the BLESS request format and return values.
Merged Lyft's kmsauth changes into BLESS, adding an optional kmsauth_token parameter.
Changed BLESS requests from using remote_username to remote_usernames and bastion_ip to bastion_ips, both comma-separated lists.
remote_usernames can be used for SSH principals specified in an AuthorizedPrincipalsFile (see SSHD_CONFIG(5)).
Aligning BLESS returns so that Lambda configuration errors raise exceptions, and request errors return a dictionary with either errorType and errorMessage or a certificate.
Updated the sample BLESS client to deal with the new Lambda return values.
Additional username validation methods are now supported via configuration.
Config file options can now be set as Lambda environment variables.
For kmsauth requests, it is now possible for users to request certificates for allowed remote user names.
0.1.1 - July 26, 2016
Updates to README.
Updating dependencies to the latest versions.
Example BLESS Client now relies on AWS SDK for credential checks.
BLESS Lambda now checks RSA public key strength before signing.