README
¶
golang-self-signed-tls
This library provides a self signed certificate in the formats required to setup a TLS listener in Go without needing to certificate files in your docker container. It ensures we have safe encrypted in flight connections this library generates new certificates each time it is called, reducing the chance of leaked private keys.
Why?
Putting certificate files in your docker container are a security risk. If the container is leaked at some point in the future the private key maybe used to retrospectively decrypt data.
Usage
result, err := GenerateCert(
Hosts([]string{"127.0.0.1", "localhost"}),
RSABits(4096),
ValidFor(365*24*time.Hour),
)
if err != nil {
log.Fatal(err)
}
log.Println("fingerprint", result.Fingerprint)
cert, err := tls.X509KeyPair(result.PublicCert, result.PrivateKey)
if err != nil {
log.Fatal(err)
}
cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
srv := &http.Server{
TLSConfig: cfg,
ReadTimeout: time.Minute,
WriteTimeout: time.Minute,
}
log.Fatal(srv.ListenAndServeTLS("", ""))
License
This code was authored by Mark Wolfe and licensed under the Apache 2.0 license.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GenerateCertResult ¶
GenerateCertResult contains the public certificate and private key in pem format, along with a hex encoded sha fingerprint of the certificate
func GenerateCert ¶
func GenerateCert(options ...Option) (*GenerateCertResult, error)
GenerateCertWithConfig generates the self signed certificates with defaults needed to provide TLS connections to a service.
type Option ¶
type Option func(opts *certOptions)
Option assign configuration for automatic self signed cert generation
Source Files