#!/usr/bin/env zsh set -eu keyFile=${2%"-cert.pub"}.pub principalsFile=${keyFile:h}/host-principals gup -u ${keyFile} ${principalsFile} gup -u expiration ssh-keygen -h -Us ../ca/ca.pub -I $(uuidgen) -z $(tai64dec) -V "-1d:$(cat expiration)" -n $(cat ${principalsFile}) -f $1 ${keyFile}