Dustin C. Hatch
be40c05b56
Some checks failed
dustin/sshca/pipeline/head There was a failure building this commit
The *POST /user/sign* operation issues SSH user certificates for the public keys provided. The request must include a valid OpenID Connect Identity token in the `Authorization` request header, which will be used to populate the valid principals in the signed certificate. User certificates are typically issued for a very short duration (one hour by default). This precludes the need for revoking certificates that are no longer trusted; users must reauthenticate frequently and obtain a new certificate.