Add optional parameters
NimitS1 opened this issue · 3 comments
Our use case requires us to generate certificates of varying lifetimes. It would be nice to have optional parameters matching "certificate_validity_after_seconds" and "certificate_validity_before_seconds" configuration options.
@NimitS1 I wouldn't recommend allowing the caller to fully control the certificate validity duration, as BLESS shouldn't allow issuing of arbitrarily long-lived certificates in the event of a malicious caller.
Would you mind elaborating on your use case for variable certificate durations?
@russell-lewis My bad. Our client is different from Netflix's client. Our users make an MFA-authenticated request to a web app which contacts the lambda. We have control over what requests eventually go to the lambda.
The reason for different certificate durations was that while most users should be accessing the system for just a short duration, some operations users would need longer uninterrupted access.
I am closing the issue as I don't see the feature being of use to this repository.
@NimitS1 If I understand your use case correctly, you can keep an SSH session going long after its certificate has expired. Even if you might have a huge batch of SSH commands to run, you can use SSH multiplexing to re-use an existing session.
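
The trade-off discussed in this thread, as an added example that is not part of the thread and is not BLESS code: a signing service can accept a requested lifetime while clamping it to a server-side ceiling tied to the authenticated role, so a malicious caller cannot obtain an arbitrarily long-lived certificate. The role names, ceilings, and the `validity_window` helper are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy table: the longest lifetime each role may be granted, in seconds.
MAX_VALIDITY_BY_ROLE = {"user": 120, "operations": 3600}
DEFAULT_VALIDITY_SECONDS = 120   # used when the caller requests nothing
VALIDITY_BEFORE_SECONDS = 120    # backdating to tolerate clock skew


class PolicyError(ValueError):
    """Raised when a request cannot be mapped to an allowed validity window."""


@dataclass(frozen=True)
class ValidityWindow:
    valid_after: int    # Unix time the certificate becomes valid
    valid_before: int   # Unix time the certificate expires


def validity_window(role: str, requested_seconds: Optional[int], now: int) -> ValidityWindow:
    """Return the window to sign, never exceeding the ceiling for `role`.

    `role` must come from the authenticated identity (for example the
    MFA-backed web session), never from a field the caller can set.
    """
    ceiling = MAX_VALIDITY_BY_ROLE.get(role)
    if ceiling is None:
        raise PolicyError(f"no certificate policy for role {role!r}")  # default deny
    if requested_seconds is None:
        granted = min(DEFAULT_VALIDITY_SECONDS, ceiling)
    elif isinstance(requested_seconds, bool) or not isinstance(requested_seconds, int):
        raise PolicyError("requested lifetime must be an integer number of seconds")
    elif requested_seconds <= 0:
        raise PolicyError("requested lifetime must be positive")
    else:
        granted = min(requested_seconds, ceiling)  # clamp, do not trust the caller
    return ValidityWindow(now - VALIDITY_BEFORE_SECONDS, now + granted)


if __name__ == "__main__":
    print(validity_window("user", 86400, now=1_700_000_000))
    print(validity_window("operations", 1800, now=1_700_000_000))
```

Clamping silently keeps existing clients working; a service that prefers to surface misconfigured callers can raise `PolicyError` instead when the request exceeds the ceiling.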