SLT IAM Certificate Authority

ca.streamline.com.ly · step-ca v0.30

This endpoint mints short-lived SSH certificates and X.509 certificates for Streamline staff. It is API-only and does not serve a browser UI.

For operators — first-time bootstrap

Install the step CLI, then:

step ca bootstrap \
  --ca-url https://ca.streamline.com.ly \
  --fingerprint <ask CTO for current root fingerprint>

Daily SSH login

step ssh login <your.email>@streamline.com.ly --provisioner authentik
ssh root@<target-host>

The step ssh login step opens a browser to auth.streamline.com.ly for OIDC sign-in (with MFA). On success, your SSH cert is auto-installed in ssh-agent for ~16 hours.

Useful endpoints

/health   /roots.pem   /provisioners

Service operational

Runbook: docs/security/runbooks/runbook-step-ca.md in the master registry.