Skip to content

Active revocation via HTTP API#2327

Open
tacerus wants to merge 2 commits intosmallstep:masterfrom
tacerus:activerevocation
Open

Active revocation via HTTP API#2327
tacerus wants to merge 2 commits intosmallstep:masterfrom
tacerus:activerevocation

Conversation

@tacerus
Copy link
Copy Markdown

@tacerus tacerus commented Jul 6, 2025
edited
Loading

Name of feature:

Allow for active revocation via HTTP API.

Pain or issue this feature alleviates:

Active revocation being rejected by the API.

Why is this important to the project (if not answered above):

Above.

Is there documentation on how to use this feature? If so, where?

Not any less documented than the existing HTTP API but will be reflected in Go docs.

In what environments or workflows is this feature supported?

n/a

In what environments or workflows is this feature explicitly NOT supported (if any)?

n/a

Supporting links/other PRs/issues:

This picks the commit from #2085 and adds another with the suggested improvements. As written in the commit message, the Passive boolean is kept as it still seems to be needed for preventing active revocation of SSH certificates.

💔Thank you!

@github-actions github-actions bot added the needs triage Waiting for discussion / prioritization by team label Jul 6, 2025
@tacerus tacerus force-pushed the activerevocation branch from 0cab40a to 5730d1b Compare July 6, 2025 21:00
@tacerus tacerus mentioned this pull request Jul 6, 2025
Open
@tacerus tacerus marked this pull request as ready for review July 6, 2025 21:01
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Dec 14, 2025
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ tacerus
❌ VonRehberg
You have signed the CLA already but the status is still pending? Let us recheck it.

VonRehberg and others added 2 commits January 21, 2026 00:14
@VonRehberg @tacerus
fix: allow active revocation on http revoke endpoint
3f437ad
@tacerus
Clean up active/passive revocation tests
1e858f7 
Amend tests to no longer assert an error message upon active revocation
and to instead validate the success on either revocation variant,
reflecting previous changes.

In theory the "Passive" boolean seems removable as it does not add any
functionality besides being logged, but it was found some instances of
it are still needed to block active revocation for SSH certificates.

Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
@tacerus
Copy link
Copy Markdown
Author

tacerus commented Jan 20, 2026

@VonRehberg I'm not sure if you want to sign the CLA, but the first commit is authored by you, hence the bot is asking for it....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@maraino maraino

@darkfronza darkfronza

Labels

needs triage Waiting for discussion / prioritization by team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@tacerus @CLAassistant @maraino @darkfronza @hslatman @step-ci @VonRehberg