Make the ceremony declarative #19
Description
We need to change / duplicate the script for the actions that we want to do.
In the end, the capabilities of O.R.CA are limited :
- create a PKI tree
- Sign CSRs by some CA
- Revoke certificates by some CA
- Rotate shares
We may add a few action later but not much.
We could declare the expected state of the PKI tree, a list of CSR to sign per CA, same for revocation. O.R.CA would then take care of creating the corresponding action scripts to run.
The verification before a ceremony would thus be way simpler and more user friendly.