Commit Graph

  • 26f397afc0 Regenerate proto files for mc/ module path [master] Kyle Isom 2026-03-27 02:54:26 -07:00
  • 28d6f9fa1f Fix ListIssuers auth: move from public to auth-required methods Kyle Isom 2026-03-27 02:24:11 -07:00
  • bbe382dc10 Migrate module path from kyle/ to mc/ org [v1.1.0] Kyle Isom 2026-03-27 02:05:59 -07:00
  • 5401181bde Merge pull request 'Bump mcdsl to adopt $PORT env var support' (#1) from feature/port-env-adoption into master kyle 2026-03-27 08:16:23 +00:00
  • 21989df08e Update mcdsl to v1.1.0 (tagged release) Kyle Isom 2026-03-27 01:15:13 -07:00
  • f2f764289f Bump mcdsl to adopt $PORT env var support Kyle Isom 2026-03-27 01:07:07 -07:00
  • 0f5289b661 Add git to alpine builder for private module fetching [v1.0.0] Kyle Isom 2026-03-26 14:58:36 -07:00
  • 310ed83f28 Migrate gRPC server to mcdsl grpcserver package Kyle Isom 2026-03-26 14:42:41 -07:00
  • d308db8598 Add /healthz endpoint via mcdsl/health Kyle Isom 2026-03-26 14:18:09 -07:00
  • c5dcb63165 Migrate HTTP server to mcdsl/httpserver Kyle Isom 2026-03-26 14:16:16 -07:00
  • 806f63957b Migrate CSRF, web templates, session cookies, and snapshot to mcdsl Kyle Isom 2026-03-26 14:14:11 -07:00
  • 2a927e5359 Migrate config to mcdsl: Load[T], env overrides, embedded types Kyle Isom 2026-03-26 14:09:58 -07:00
  • d887ca30ca Bump mcdsl from v0.1.0 to v1.0.0 Kyle Isom 2026-03-26 14:06:02 -07:00
  • 56b5bae1f6 Add live integration tests for ACME server (5 tests) Kyle Isom 2026-03-25 21:50:44 -07:00
  • 7749c035ae Add comprehensive ACME test suite (60 tests, 2100 lines) Kyle Isom 2026-03-25 21:01:23 -07:00
  • 7f9e7f433f Treat authenticated callers with no roles as service accounts Kyle Isom 2026-03-25 20:19:14 -07:00
  • a5bb366558 Allow system accounts to issue certificates Kyle Isom 2026-03-25 20:07:22 -07:00
  • 656f22e19b Add vault_sni config for container TLS hostname override Kyle Isom 2026-03-25 19:28:50 -07:00
  • 0722d60308 Fix rootless podman permissions in rift compose Kyle Isom 2026-03-25 18:57:59 -07:00
  • 73f3fde634 Use published mcdsl v0.1.0, remove replace directive Kyle Isom 2026-03-25 18:54:13 -07:00
  • dd698ff6d8 Migrate db, auth to mcdsl; remove mcias client dependency Kyle Isom 2026-03-25 18:42:43 -07:00
  • 5c5d7e184e Fix ECDH zeroization, add audit logging, and remediate high findings Kyle Isom 2026-03-17 14:04:39 -07:00
  • b33d1f99a0 audit response should not have been committed. Kyle Isom 2026-03-16 22:05:14 -07:00
  • a80323e320 Add web UI for SSH CA, Transit, and User engines; full security audit and remediation Kyle Isom 2026-03-16 22:02:06 -07:00
  • 128f5abc4d Update engine specs, audit doc, and server tests for SSH CA, transit, and user engines Kyle Isom 2026-03-16 20:16:23 -07:00
  • 7237b2951e Merge branch 'worktree-agent-a98b5183' Kyle Isom 2026-03-16 20:01:04 -07:00
  • 11929daa78 Merge transit engine branch, resolve conflicts in shared files Kyle Isom 2026-03-16 19:50:47 -07:00
  • cbd77c58e8 Implement transit encryption engine with versioned key management Kyle Isom 2026-03-16 19:45:56 -07:00
  • be3b9d7fe0 Add user-to-user encryption engine with ECDH key exchange and AES-256-GCM Kyle Isom 2026-03-16 19:44:11 -07:00
  • 5ae37da300 Add SSH CA engine with host/user cert signing, profiles, and KRL Kyle Isom 2026-03-16 19:43:32 -07:00
  • 64d921827e Add MEK rotation, per-engine DEKs, and v2 ciphertext format (audit #6, #22) Kyle Isom 2026-03-16 18:27:44 -07:00
  • ac4577f778 Add CRL endpoint, sign-CSR web route, and policy-based issuance authorization Kyle Isom 2026-03-16 15:22:04 -07:00
  • fbd6d1af04 Add policy CRUD, cert management, and web UI updates Kyle Isom 2026-03-15 19:41:11 -07:00
  • 02ee538213 Fix download cookie: SameSite Strict blocks cookie on POST redirect Kyle Isom 2026-03-15 13:50:22 -07:00
  • 4469c650cc Cache issued tgz in memory for one-time download Kyle Isom 2026-03-15 13:44:32 -07:00
  • 4deb469a9d Fix missing gRPC interceptor registrations for RevokeCert, DeleteCert, SignCSR Kyle Isom 2026-03-15 13:42:43 -07:00
  • d574685b99 Add certificate revocation, deletion, and retrieval Kyle Isom 2026-03-15 13:37:54 -07:00
  • 74e35ce63e Add certificate detail page and tests Kyle Isom 2026-03-15 13:24:05 -07:00
  • b4dbc088cb Add certificate issuance, CSR signing, and cert listing to web UI Kyle Isom 2026-03-15 13:21:13 -07:00
  • 65c92fe5ec Add audit logging for all mutating gRPC operations Kyle Isom 2026-03-15 13:11:17 -07:00
  • 8215aaccc5 Add grpcserver test coverage Kyle Isom 2026-03-15 13:07:42 -07:00
  • ad167aed9b Checkpoint: grpc auth fix, issuer list/detail, v2 protos, architecture docs Kyle Isom 2026-03-15 11:39:13 -07:00
  • d0b1875dbb Fix all errcheck linter issues Kyle Isom 2026-03-15 10:36:35 -07:00
  • 87b7323367 Add README with quick-start and links to detailed docs Kyle Isom 2026-03-15 10:33:47 -07:00
  • 33e71eeee9 Fix gosec, errorlint, and gofmt linter errors in unseal.go and grpc.go Kyle Isom 2026-03-15 10:30:18 -07:00
  • 2336bf5061 Add buf lint/breaking targets and fix proto naming violations Kyle Isom 2026-03-15 10:27:52 -07:00
  • fbaf79a8a0 Fix gosec, govet, and errorlint linter errors Kyle Isom 2026-03-15 10:04:12 -07:00
  • dd31e440e6 Add golangci yaml. Kyle Isom 2026-03-15 09:54:33 -07:00
  • 44e5e6e174 Checkpoint: auth, engine, seal, server, grpc updates Kyle Isom 2026-03-15 09:54:04 -07:00
  • 33beb33a13 Add grpc_addr and [web] section to example configs Kyle Isom 2026-03-15 09:11:13 -07:00
  • cc1ac2e255 Separate web UI into standalone metacrypt-web binary Kyle Isom 2026-03-15 09:07:12 -07:00
  • b8e348db03 Add TLS unsealing via gRPC to CLI and server Claude 2026-03-15 16:38:17 +00:00
  • 167db48eb4 Add ACME (RFC 8555) server and Go client library Kyle Isom 2026-03-15 01:31:52 -07:00
  • aa9a378685 Gitignore .claude/worktrees/ Kyle Isom 2026-03-15 01:19:02 -07:00
  • 13598e329f Fix issuer key algorithm and key size placeholders to match P-521 default Kyle Isom 2026-03-15 00:57:03 -07:00
  • fe1fad134d Update issuer expiry placeholder to reflect 3y default Kyle Isom 2026-03-15 00:54:56 -07:00
  • bb09d04997 Change default intermediate issuer expiry from 5y to 3y Kyle Isom 2026-03-15 00:52:01 -07:00
  • 0f1d58a9b8 Persist engine mounts across seal/unseal cycles Kyle Isom 2026-03-15 00:47:48 -07:00
  • 658d067d78 Add architecture docs, fix gRPC/REST API parity, project conventions Kyle Isom 2026-03-14 23:29:51 -07:00
  • 8f77050a84 Implement CA/PKI engine with two-tier X.509 certificate issuance Kyle Isom 2026-03-14 21:57:52 -07:00
  • 4ddd32b117 Implement Phase 1: core framework, operational tooling, and runbook Kyle Isom 2026-03-14 20:43:11 -07:00