Documentation ¶
Index ¶
- Constants
- func ApiConfig(address string, cacert string) (config *api.Config, err error)
- func ExampleCertificateRequestFile() string
- func RenewTokenIfStale(client *api.Client, verbose bool) (err error)
- func UseFSToken(client *api.Client, verbose bool) (ok bool, err error)
- func VaultClient(address string, cacert string, verbose bool) (client *api.Client, err error)
- func VerboseOutput(verbose bool, message string, args ...interface{})
- type CertInfo
- type CertificateBundle
- type CertificateIssuingRole
- type CertificateRequest
- type Certinator
- func (c *Certinator) CaExists(name string) (ok bool, err error)
- func (c *Certinator) ConfigureCRL(name string, vaultUrl string) (err error)
- func (c *Certinator) CreateCA(name string) (err error)
- func (c *Certinator) CreateCerts(caName string, requests []CertificateRequest) (certs CertificateBundle, err error)
- func (c *Certinator) CreateIssuingRole(caName string, role CertificateIssuingRole) (err error)
- func (c *Certinator) DeleteCA(name string) (err error)
- func (c *Certinator) FetchCRL(caName string) (crlPem []byte, err error)
- func (c *Certinator) GenerateCaCert(name string, cn string, exported bool) (secret *api.Secret, err error)
- func (c *Certinator) InitVault() (err error)
- func (c *Certinator) ListCAs() (cas []string, err error)
- func (c *Certinator) ListCerts(caName string) (certs []string, err error)
- func (c *Certinator) RevokeCert(cn string, ca string) (revoked []string, err error)
- func (c *Certinator) RotateCRL(caName string) (err error)
- func (c *Certinator) TuneCA(name string) (err error)
- func (c *Certinator) UnsealVault() (err error)
- func (c *Certinator) UsingRootToken() (ok bool, err error)
- func (c *Certinator) VaultInitialized() (ok bool, err error)
- func (c *Certinator) VaultSealed() (ok bool, err error)
- func (c *Certinator) VaultStatus() (status *api.SealStatusResponse, err error)
Constants ¶
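// Package-level defaults. The ALL_CAPS names are kept as-is because they are
// part of the exported API; renaming them would break callers.
const (
	// DEFAULT_CA_MAX_LEASE is the max lease TTL string used for CA mounts
	// (43800h is roughly five years; CreateCA and TuneCA document the same value).
	DEFAULT_CA_MAX_LEASE = "43800h0m0s"

	// DEFAULT_CERTIFICATE_ROLE is the default name of the issuing role.
	DEFAULT_CERTIFICATE_ROLE = "cert-issuer"

	// DEFAULT_VAULT_TOKEN_FILE is the name of the token file presumably read by
	// UseFSToken. NOTE(review): a token file holds a bearer credential and should
	// be owner-readable only (0600); whether the reader enforces that is not
	// visible here — confirm in UseFSToken.
	DEFAULT_VAULT_TOKEN_FILE = ".vault-token"

	// VAULT_TOKEN_ENV_VAR is the environment variable consulted for a Vault token.
	VAULT_TOKEN_ENV_VAR = "VAULT_TOKEN"
)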
Functions ¶
func ApiConfig ¶
ApiConfig creates a vault api config in a standard fashion. Stolen from vault-authenticator.
func ExampleCertificateRequestFile ¶
func ExampleCertificateRequestFile() string
func RenewTokenIfStale ¶
RenewTokenIfStale renews a Vault token if it happens to be near expiration.
func UseFSToken ¶
UseFSToken attempts to use a Vault token found on the filesystem.
func VaultClient ¶
func VerboseOutput ¶
Types ¶
type CertInfo ¶
// CertInfo struct for holding certificate info returned from vault.
//
// NOTE(review): PrivateKey is secret material — avoid logging or printing a
// CertInfo value with %v/%+v.
type CertInfo struct {
	IssuingCA      string // issuing CA as returned by Vault — TODO confirm encoding (PEM?)
	PrivateKey     string // private key material — sensitive
	PrivateKeyType string // key type label reported by Vault — TODO confirm values
	SerialNumber   string // certificate serial number as reported by Vault
	Certificate    string // issued certificate — TODO confirm encoding (PEM?)
	Expiration     int64  // presumably a Unix timestamp; verify against Vault's response
}
CertInfo is a struct holding certificate info returned from Vault.
type CertificateBundle ¶
type CertificateIssuingRole ¶
type CertificateRequest ¶
// CertificateRequest Struct for keeping track of a certificate that will be created. Definitely NOT a CSR.
//
// The json tags name the fields as they appear in a request file
// (see ExampleCertificateRequestFile).
type CertificateRequest struct {
	CommonName string `json:"common_name"`       // subject common name of the certificate to issue
	Sans       string `json:"subject_alt_names"` // DNS SANs; single value vs. comma-separated list not fixed here — TODO confirm
	IpSans     string `json:"ip_sans"`           // IP SANs; format as for Sans — TODO confirm
	Ttl        string `json:"ttl"`               // requested lifetime as a duration string (e.g. "8760h") — TODO confirm format
}
CertificateRequest is a struct for keeping track of a certificate that will be created. Definitely NOT a CSR.
type Certinator ¶
func NewCertinator ¶
func NewCertinator(verbose bool) (c *Certinator, err error)
func (*Certinator) ConfigureCRL ¶
func (c *Certinator) ConfigureCRL(name string, vaultUrl string) (err error)
ConfigureCRL configures the CRL endpoint. Equivalent to running 'vault write <name>/config/urls issuing_certificates=<vaultUrl>/v1/<name>/ca crl_distribution_points=<vaultUrl>/v1/<name>/crl'
func (*Certinator) CreateCA ¶
func (c *Certinator) CreateCA(name string) (err error)
CreateCA creates a CA. Equivalent of running 'vault secrets enable -path=<name> -description="<description>" -max-lease-ttl=43800h pki'
func (*Certinator) CreateCerts ¶
func (c *Certinator) CreateCerts(caName string, requests []CertificateRequest) (certs CertificateBundle, err error)
func (*Certinator) CreateIssuingRole ¶
func (c *Certinator) CreateIssuingRole(caName string, role CertificateIssuingRole) (err error)
CreateIssuingRole creates a role with which to issue certificates. Equivalent to running 'vault write <caName>/roles/<roleName> allowed_domains="<domain>" allow_subdomains="true" max_ttl="8760h" ttl="8760h" allow_ip_sans=true allow_localhost=true'
func (*Certinator) DeleteCA ¶
func (c *Certinator) DeleteCA(name string) (err error)
DeleteCA deletes a CA. Equivalent of running 'vault secrets disable <name>'
func (*Certinator) FetchCRL ¶
func (c *Certinator) FetchCRL(caName string) (crlPem []byte, err error)
func (*Certinator) GenerateCaCert ¶
func (c *Certinator) GenerateCaCert(name string, cn string, exported bool) (secret *api.Secret, err error)
GenerateCaCert generates the CA cert. Equivalent to running 'vault write <name>/root/generate/internal common_name=<common name> ttl=43800h' or 'vault write <name>/root/generate/exported common_name=<common name> ttl=43800h'. Returns the secret generated, which may or may not contain the CA private key, depending on whether the exported variant was requested.
func (*Certinator) InitVault ¶
func (c *Certinator) InitVault() (err error)
func (*Certinator) ListCAs ¶
func (c *Certinator) ListCAs() (cas []string, err error)
func (*Certinator) ListCerts ¶
func (c *Certinator) ListCerts(caName string) (certs []string, err error)
func (*Certinator) RevokeCert ¶
func (c *Certinator) RevokeCert(cn string, ca string) (revoked []string, err error)
func (*Certinator) RotateCRL ¶
func (c *Certinator) RotateCRL(caName string) (err error)
func (*Certinator) TuneCA ¶
func (c *Certinator) TuneCA(name string) (err error)
TuneCA tunes the CA. Equivalent of running 'vault secrets tune -max-lease-ttl=43800h <name>'
func (*Certinator) UnsealVault ¶
func (c *Certinator) UnsealVault() (err error)
func (*Certinator) UsingRootToken ¶
func (c *Certinator) UsingRootToken() (ok bool, err error)
func (*Certinator) VaultInitialized ¶
func (c *Certinator) VaultInitialized() (ok bool, err error)
func (*Certinator) VaultSealed ¶
func (c *Certinator) VaultSealed() (ok bool, err error)
func (*Certinator) VaultStatus ¶
func (c *Certinator) VaultStatus() (status *api.SealStatusResponse, err error)