README
¶
GlobalSign Atlas Certificate Provider Plugin for Hashicorp Vault
atlas-hashicorp-vault plugin lets you manage issue GlobalSign Atlas backed certificates in vault.
Demo
Installation
Before you can use the Plugin's API you will need to install the vault plugin:
(Note: We have automated most of these steps and user can directly navigate to atlas-hashicorp-vault and run make)
-
Create the directory where your Vault server will look for plugins
-
Download the latest
atlas-hashicorp-vaultplugin release package for your operating system. Note that the URL for the source binary file, referenced below, changes as new versions of the plugin are released.$ curl https://github.com/globalsign/atlas-hashicorp-vault/releases/download/v1.0/atlas-linux-amd64 -o /etc/vault/vault_plugins/atlas $ chmod +x /etc/vault/vault_plugins/atlas -
Update the Vault server configuration to specify the plugin directory:
plugin_directory = "/etc/vault/vault_plugins" -
Start your Vault using the server command.
-
Get the SHA-256 checksum of the
atlas-hashicorp-vaultplugin binary:$ PLUGIN_SHA256=$(sha256sum /etc/vault/vault_plugins/atlas-hashicorp-vault | cut -d' ' -f1) -
Register the
atlas-hashicorp-vaultplugin in the Vault system catalog:$ vault write sys/plugins/catalog/secret/atlas \ sha_256="$PLUGIN_SHA256" command="atlas" Success! Data written to: sys/plugins/catalog/secret/atlas
To Configure the installed plugin refer to our Getting Started Guide
Cert-Manager Integration
The Atlas secret engine plugin works with Kubernetes cert-manager. If you would like to try this locally, you can run ./scripts/test-cert-manager.sh on an linux computer.
You can see it working here:
You can refer to our MicroK8s certificate manager tutorial if you would like to hookup GlobalSign Atlas to Kubernetes Certificate manager.
Development
You can develop this plugin using the golang tool-chain and the provided Makefile.
By running make your system will compile the current source, and start a vault server in dev mode.
For convince, we recommend running scripts/test-cli.sh to actuate the plugins functionality. If you are doing this often we recommend setting development credentials as described below, it will reduce your iteration times.
If you are working with the Atlas Client library you will need to have development credentials configured, as it performs integration tests with the Atlas backend.
Development Credentials
Integration test require GlobalSign Atlas credentials, by default these tests will prompt you for your credentials, it will additionally give you the option to persist them. You can manually engage this process by running the ./scripts/login.sh in bash.
The development helpers will ask for plaintext API credentials and PEM formatted client mTLS credentials.
Contributing
We expect changes to meet Hashicorp Vaults' style, to have tests, and to keep coverage above 70%.
Documentation
¶
Overview ¶
Package atlasvault integrates GlobalSign Atlas with Hashicorp Vault using the plugin Interface.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Backend ¶
Backend wraps the Backend framework and adds a map for storing key value pairs
func NewBackend ¶
func NewBackend(conf *logical.BackendConfig, clientConstructor atlasConstructor) *Backend
Backend returns a new Backend framework struct
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
atlas
atlas command is the Vault Atlas Secret Engine entrypoint process.
|
atlas command is the Vault Atlas Secret Engine entrypoint process. |
|
pkg
|
|
|
atlas
Package atlas is an GlobalSign Atlas API Client.
|
Package atlas is an GlobalSign Atlas API Client. |
|
This script acts as a polyfill for base64 util, we need this because its not available on windows and I don't want to pull in a new package manager
|
This script acts as a polyfill for base64 util, we need this because its not available on windows and I don't want to pull in a new package manager |