Documentation
¶
Index ¶
Constants ¶
View Source
const ( VaultIssuer = iota CFSSLIssuer AWSIssuer )
Supported issuers
View Source
const ( UnknownAuthMethod = iota ConstantTokenAuthMethod RenewingTokenAuthMethod )
Supported auth methods
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AWS ¶
type AWS struct {
Region string `desc:"The AWS region to use."`
AccessKeyID string `envconfig:"ACCESS_KEY_ID" desc:"The AWS access key ID to use for authenticating with AWS."`
AccessKeySecret string `split_words:"true" desc:"The AWS access key secret to use for authenticating with AWS."`
CertificateAuthorityARN string `envconfig:"CERTIFICATE_AUTHORITY_ARN" desc:"The ARN of a pre-created CA which will be used to issue the certificates."`
TimeToLive int `default:"30" desc:"The lifetime of certificates requested from the AWS CA, in number of days."`
}
AWS issuer configuration.
type AuthMethod ¶ added in v1.7.0
type AuthMethod int
AuthMethod is an enumeration of supported auth methods
func (*AuthMethod) UnmarshalText ¶ added in v1.7.0
func (am *AuthMethod) UnmarshalText(in []byte) error
UnmarshalText implements encoding.TextUnmarshaler for AuthMethod.
type CFSSL ¶
type CFSSL struct {
URL url.URL `desc:"The URL of the CFSSL server."`
CACertPath string `` /* 133-byte string literal not displayed */
Profile string `desc:"The profile on the CFSSL server that should be used. If unset, the default profile will be used."`
AuthKey string `split_words:"true" desc:"Optionally defines an authentication key to use when connecting to CFSSL."`
}
CFSSL issuer configuration.
type Issuer ¶
type Issuer int
Issuer is an enumeration of supported issuers
func (*Issuer) UnmarshalText ¶
UnmarshalText implements encoding.TextUnmarshaler for issuer.
type KeyGenerator ¶
type KeyGenerator func() (crypto.PrivateKey, error)
KeyGenerator defines the key generator to use
func (KeyGenerator) Generate ¶
func (k KeyGenerator) Generate() (crypto.PrivateKey, error)
Generate implements certify.KeyGenerator for KeyGenerator
func (*KeyGenerator) UnmarshalText ¶
func (k *KeyGenerator) UnmarshalText(in []byte) error
UnmarshalText implements encoding.TextUnmarshaler for KeyGenerator
type LogFormat ¶
LogFormat is used to format logs
func (*LogFormat) UnmarshalText ¶
UnmarshalText implements encoding.TextUnmarshaler for LogFormat
type Vault ¶
type Vault struct {
URL url.URL `desc:"The URL of the Vault instance."`
Token string `desc:"The Vault secret token that should be used when issuing certificates. DEPRECATED; use AuthMethod instead."`
AuthMethod AuthMethod `split_words:"true" desc:"The method to use for authenticating against Vault. Supported methods are constant and renewing."`
AuthMethodRenewingToken struct {
Initial string `desc:"The token used to initially authenticate against Vault. It must be renewable."`
RenewBefore time.Duration `split_words:"true" default:"30m" desc:"How long before the expiry of the token it should be renewed."`
TimeToLive time.Duration `split_words:"true" default:"24h" desc:"How long the new token should be valid for."`
} `split_words:"true" desc:"Configuration of the renewing token."`
AuthMethodConstantToken vault.ConstantToken `split_words:"true" desc:"The constant token to use when talking to Vault."`
Mount string `default:"pki" desc:"The name under which the PKI secrets engine is mounted."`
Role string `desc:"The Vault Role that should be used when issuing certificates."`
CACertPath string `` /* 133-byte string literal not displayed */
TimeToLive time.Duration `split_words:"true" default:"720h" desc:"Configures the lifetime of certificates requested from the Vault server."`
URISubjectAlternativeNames []string `` /* 213-byte string literal not displayed */
OtherSubjectAlternativeNames []string `` /* 223-byte string literal not displayed */
}
Vault issuer configuration.
Source Files
Click to show internal directories.
Click to hide internal directories.