@areed
Created October 24, 2022 23:36
Connect to Kubernetes API with a yubikey on Ubuntu

Add a keypair to yubikey slot 82

step kms create yubikey:slot-id=82

Verify you can create an attestation certificate

step kms attest yubikey:slot-id=82

Get your cert

step ca certificate --attestation-uri yubikey:slot-id=82 YOUR-SERIAL-NUMBER attest.crt
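
Install the OpenSSL PKCS#11 engine and ykcs11

sudo apt install libengine-pkcs11-openssl ykcs11

Point the engine at the YubiKey PKCS#11 module

export PKCS11_MODULE_PATH=/usr/lib/x86_64-linux-gnu/libykcs11.so

Call the Kubernetes API with the certificate and the key held on the yubikey

curl --cert attest.crt --key "pkcs11:object=Private key for Retired Key 1" --cacert root_ca.crt "https://$K8S_API:6443/api/v1/namespaces"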
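
The `--key` URI in the curl command names the key by its ykcs11 object label, while the `step` commands name it by PIV slot id. As an added example (not part of the original gist), these shell functions derive the URI from a slot id and repeat the same request for any slot; the function names are hypothetical, and the label strings other than the one for slot 82 are an assumption based on Yubico's YKCS11 key mapping.

```shell
#!/bin/sh
# Added example, not from the gist. Function names are hypothetical.
# Labels follow the "Private key for <slot name>" form that ykcs11 exposes
# (assumption, except slot 82, which the gist itself uses).

# ykcs11_key_label SLOT: print the private-key object label for a PIV slot id.
ykcs11_key_label() {
    slot=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$slot" in
        9a) name="PIV Authentication" ;;
        9c) name="Digital Signature" ;;
        9d) name="Key Management" ;;
        9e) name="Card Authentication" ;;
        f9) name="PIV Attestation" ;;
        8[2-9a-f]|9[0-5])
            # Retired slots 0x82..0x95 are numbered 1..20.
            name="Retired Key $(( 0x$slot - 0x81 ))" ;;
        *)  echo "unknown PIV slot: $1" >&2; return 1 ;;
    esac
    printf 'Private key for %s\n' "$name"
}

# pkcs11_key_uri SLOT: print the URI in the form the gist passes to curl --key.
pkcs11_key_uri() {
    label=$(ykcs11_key_label "$1") || return 1
    printf 'pkcs11:object=%s\n' "$label"
}

# k8s_get SLOT CERT CACERT API_PATH: the gist's request, for any slot.
# Requires K8S_API and PKCS11_MODULE_PATH to be set as in the steps above.
k8s_get() {
    uri=$(pkcs11_key_uri "$1") || return 1
    curl --cert "$2" --key "$uri" --cacert "$3" "https://${K8S_API}:6443$4"
}
```

For the slot used here, the call is `k8s_get 82 attest.crt root_ca.crt /api/v1/namespaces`.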