areed/howto.md

Created October 24, 2022 23:36

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/areed/de2432a34f41c7143034611003418e1f.js"></script>
Save areed/de2432a34f41c7143034611003418e1f to your computer and use it in GitHub Desktop.

Download ZIP

Connect to Kubernetes API with a yubikey on Ubuntu

Raw

howto.md

Add a keypair to yubikey slot 82

step kms create yubikey:slot-id=82

Verify you can create an attestation certificate

step kms attest yubikey:slot-id=82

Get your cert

step ca certificate --attestation-uri yubikey:slot-id=82 YOUR-SERIAL-NUMBER attest.crt

sudo apt install libengine-pkcs11-openssl and ykcs11

export PKCS11_MODULE_PATH=/usr/lib/x86_64-linux-gnu/libykcs11.so
curl --cert attest.cert --key "pkcs11:object=Private key for Retired Key 1" --cacert root_ca.crt https://$K8S_API:6443/api/v1/namespaces