Documentation
Index
- Variables
- func LoginApprole(config *Config, client *api.Client) error
- func Run(config *Config) (int, error)
- type Cert
- type CertData
- type Config
- type SSHCert
- func (cert *SSHCert) CheckAndRenew(config *Config, client *api.Client) (bool, error)
- func (cert *SSHCert) Issue(config *Config, client *api.Client) error
- func (cert *SSHCert) NeedsRenewal(config *Config) (bool, error)
- func (cert *SSHCert) RunHooks() (err error)
- func (cert *SSHCert) WriteFiles() (err error)
- type SSHData
Variables
var (
	// ErrConfig will be returned if the config has a problem.
	ErrConfig = errors.New("cannot read config")
	// ErrLogin reflects a login problem with the vault server.
	ErrLogin = errors.New("cannot login")
	// ErrIssue reflects a problem with the cert renewal.
	ErrIssue = errors.New("cannot issue new certificate")
	// ErrCert reflects a problem with the cert.
	ErrCert = errors.New("problem with cert")
)
Functions
func LoginApprole
LoginApprole gets a token from the approle config.
Types
type Cert
type Cert struct {
	PrivateKey string   `yaml:"private_key"`
	CertFile   string   `yaml:"cert_file"`
	ChainFile  string   `yaml:"chain_file"`
	Role       string   `yaml:"role"`
	CN         string   `yaml:"cn"`
	SANS       []string `yaml:"sans"`
	Hooks      []string `yaml:"hooks"`
	// contains filtered or unexported fields
}
Cert contains all information about a certificate.
func (*Cert) CheckAndRenew
CheckAndRenew checks if the cert needs renewal and renews the certs if needed. If renewal is needed the configured hooks will run after the renewal.
func (*Cert) NeedsRenewal
NeedsRenewal checks if the certificate needs renewal. It returns ErrCert if the certificate cannot be read correctly. If an error is returned, the boolean value is always true.
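The fail-closed contract described above (unreadable certificate means "renew" plus ErrCert), as an added Go illustration that is not this package's code. The helpers `needsRenewal` and `sampleCert`, the `renewBefore` window and the constructed self-signed certificate are assumptions; only the ErrCert message comes from the page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrCert = errors.New("problem with cert") // mirrors the documented sentinel; other names are hypothetical

// needsRenewal fails closed: an unreadable certificate yields (true, ErrCert).
// The renewBefore window is an assumption; the page does not state the renewal rule.
func needsRenewal(pemBytes []byte, now time.Time, renewBefore time.Duration) (bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return true, fmt.Errorf("%w: no CERTIFICATE PEM block", ErrCert)
	}
	crt, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return true, fmt.Errorf("%w: %v", ErrCert, err)
	}
	return !now.Add(renewBefore).Before(crt.NotAfter), nil
}

// sampleCert returns a constructed self-signed certificate expiring ttl after now.
func sampleCert(now time.Time, ttl time.Duration) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	for _, in := range [][]byte{sampleCert(now, 72*time.Hour), sampleCert(now, time.Hour), []byte("garbage")} {
		renew, err := needsRenewal(in, now, 24*time.Hour)
		fmt.Println(renew, errors.Is(err, ErrCert))
	}
}
```

A caller that treats the boolean as authoritative still gets a renewal attempt when the file on disk is corrupt or missing, while `errors.Is(err, ErrCert)` lets it log the cause separately.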
func (*Cert) WriteFiles
WriteFiles writes the certificate files to disk.
type CertData
type CertData struct {
	Certificate string   `mapstructure:"certificate"`
	Chain       []string `mapstructure:"ca_chain"`
	PrivateKey  string   `mapstructure:"private_key"`
}
CertData contains the PEM-encoded certificate.
type Config
type Config struct {
	RoleID    string    `yaml:"role_id"`
	SecretID  string    `yaml:"secret_id"`
	VaultAddr string    `yaml:"vault_addr"`
	Certs     []Cert    `yaml:"certs"`
	SSH       []SSHCert `yaml:"ssh"`
	PkiPath   string    `yaml:"pki_path"`
	SSHPath   string    `yaml:"ssh_path"`
	Insecure  bool      `yaml:"insecure"`
}
Config contains the configuration.
func ReadConfig
ReadConfig reads the configuration from the given file.
type SSHCert
type SSHCert struct {
	PrivateKeyPath string   `yaml:"private_key"`
	PublicKeyPath  string   `yaml:"public_key"`
	CertPath       string   `yaml:"cert"`
	Role           string   `yaml:"role"`
	Hosts          []string `yaml:"hosts"`
	Hooks          []string `yaml:"hooks"`
	// contains filtered or unexported fields
}
SSHCert holds the SSH data and metadata of an SSH certificate.
func (*SSHCert) CheckAndRenew
CheckAndRenew checks if the cert needs renewal and renews the certs if needed. If renewal is needed the configured hooks will run after the renewal.
func (*SSHCert) NeedsRenewal
NeedsRenewal checks if the certificate needs renewal. It returns ErrCert if the certificate cannot be read correctly. If an error is returned, the boolean value is always true.
func (*SSHCert) WriteFiles
WriteFiles writes the certificate files to disk.