Open Stack

[with links this time]

Security team is pleased to announce the release of Anchor 0.4.0.

Anchor is a lightweight PKI service which provides automated certificate verification and signing. It is a new approach for managing private community PKI deployments such as internal infrastructure, by using short-lived certificates to support an “ephemeral PKI” scheme. For more information on Ephemeral PKI and the problems it solves, please see recent summit presentation https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/secure-ephemeral-pki-with-the-anchor-project

This is the first release with a stable interface for plugins and includes most of the big items planned for the project.
Since the last release, we:

-  Cleaned up and improved secure validation of requests
-  Added plugins to fix up the request before signing
-  Added validation against RFC standards
-  Added integration with PKCS#11 libraries for better signing isolation
-  Automatically publish releases to PyPI
-  Broke out validation functionality for re-use by other services
-  Added detailed documentation

Project resources available at:
-  PyPI: https://pypi.python.org/pypi/anchor/0.4.0
-  Launchpad: https://launchpad.net/anchor