Here is a summary of steps to setup the bot flow:
  1. Create JWK provisioner with Password
  1. step beta ca provisioner add <name> --create --type JWK
  2. it will prompt you to provide an admin credential = your email
  3. Then SSO
  4. then you will be prompted for the secret / password
  1. Get Secret to “deploy box”
  1. Vault, hard code, k8s secret, etc.
  1. run step ca token [machine name] --ssh on “deploy box” - where you run “create new machine”
  1. Using the provisioner you just created and the password it will mint the token
  1. send token to machine
  1. machine runs step ssh certificate --host --token [token]