certinator

package
Version: v0.0.0-...-af8ca49 (a pseudo-version; not the latest version of this module)
Published: Mar 16, 2023 License: Apache-2.0 Imports: 12 Imported by: 0



Constants

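// Package-level defaults. Grouped into one block so the related settings read
// together; the ALL_CAPS names are kept as-is because callers import them.
const (
	// DEFAULT_CA_MAX_LEASE is the max lease TTL applied to a PKI mount by
	// CreateCA / TuneCA: 43800h, i.e. five years.
	DEFAULT_CA_MAX_LEASE = "43800h0m0s"
	// DEFAULT_CERTIFICATE_ROLE is the default PKI role name used when issuing
	// certificates.
	DEFAULT_CERTIFICATE_ROLE = "cert-issuer"
	// DEFAULT_VAULT_TOKEN_FILE is the file name UseFSToken looks for a token
	// in — presumably resolved under the home directory, as the Vault CLI does;
	// confirm against UseFSToken. A token file is a credential: keep it 0600.
	DEFAULT_VAULT_TOKEN_FILE = ".vault-token"
	// VAULT_TOKEN_ENV_VAR names the environment variable that can supply a
	// Vault token instead of the token file.
	VAULT_TOKEN_ENV_VAR = "VAULT_TOKEN"
)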

Variables

This section is empty.

Functions

func ApiConfig

func ApiConfig(address string, cacert string) (config *api.Config, err error)

ApiConfig creates a Vault API config in a standard fashion from the Vault address and the CA certificate used to verify the Vault server's TLS certificate. Adapted from vault-authenticator.

func ExampleCertificateRequestFile

func ExampleCertificateRequestFile() string

func RenewTokenIfStale

func RenewTokenIfStale(client *api.Client, verbose bool) (err error)

RenewTokenIfStale renews a Vault token if it happens to be near expiration.

func UseFSToken

func UseFSToken(client *api.Client, verbose bool) (ok bool, err error)

UseFSToken attempts to use a Vault token found on the filesystem (presumably the DEFAULT_VAULT_TOKEN_FILE that the Vault CLI writes). ok presumably reports whether a token was found and applied to client; err reports a failure while doing so.

func VaultClient

func VaultClient(address string, cacert string, verbose bool) (client *api.Client, err error)

func VerboseOutput

func VerboseOutput(verbose bool, message string, args ...interface{})

Types

type CertInfo

// CertInfo holds the certificate material Vault returns for one issued
// certificate.
//
// NOTE(review): PrivateKey is secret material returned by Vault; values of
// this type must not be logged or written anywhere unprotected.
type CertInfo struct {
	IssuingCA      string // the issuing CA certificate, as returned by Vault
	PrivateKey     string // private key matching Certificate — sensitive
	PrivateKeyType string // key type label as reported by Vault
	SerialNumber   string // certificate serial number, as reported by Vault
	Certificate    string // the issued end-entity certificate
	Expiration     int64  // expiry as reported by Vault — presumably a Unix timestamp; confirm
}

CertInfo holds the certificate material returned from Vault for one issued certificate. Because it carries the private key alongside the certificate, a CertInfo is sensitive: do not log it or persist it unprotected.

type CertificateBundle

type CertificateBundle map[string]CertInfo

type CertificateIssuingRole

// CertificateIssuingRole describes a Vault PKI role used to issue
// certificates; CreateIssuingRole documents the equivalent `vault write`.
// The fields presumably map to allowed_domains, allow_subdomains,
// allow_ip_sans, allow_localhost, max_ttl and ttl — confirm against
// CreateIssuingRole. The three booleans widen what the role may sign
// for; enable them only when consumers need them.
type CertificateIssuingRole struct {
	Name       string   // role name, the last path segment of <caName>/roles/<Name>
	Domains    []string // domains the role may issue certificates for
	Subdomains bool     // whether subdomains of Domains are allowed
	IpSans     bool     // whether IP SANs are allowed
	Localhost  bool     // whether localhost is an allowed name
	MaxTTL     string   // maximum TTL for issued certificates, a duration string such as "8760h"
	Ttl        string   // default TTL for issued certificates, a duration string such as "8760h"
}

type CertificateRequest

// CertificateRequest describes one certificate to be issued through
// CreateCerts. It is definitely NOT a CSR: the caller supplies no key pair,
// and the private key comes back from Vault in CertInfo.PrivateKey.
// NOTE(review): the json tags define how this struct serializes; confirm
// against CreateCerts whether they are also the parameter names sent to Vault.
type CertificateRequest struct {
	CommonName string `json:"common_name"`       // subject common name
	Sans       string `json:"subject_alt_names"` // DNS subject alternative names — presumably comma-separated; confirm
	IpSans     string `json:"ip_sans"`           // IP subject alternative names — presumably comma-separated; confirm
	Ttl        string `json:"ttl"`               // requested lifetime; Vault caps it at the role's max_ttl
}

CertificateRequest describes a certificate that will be issued. It is definitely NOT a CSR: the caller supplies no key pair, so the key is generated on the Vault side and returned together with the certificate (see CertInfo.PrivateKey).

type Certinator

// Certinator wraps an authenticated Vault API client and drives the PKI
// operations in this package (CA lifecycle, roles, issuing, revocation, CRL).
type Certinator struct {
	Client  *api.Client // Vault API client; its token is what every operation runs as
	Verbose bool        // when true, methods presumably report progress via VerboseOutput
}

func NewCertinator

func NewCertinator(verbose bool) (c *Certinator, err error)

func (*Certinator) CaExists

func (c *Certinator) CaExists(name string) (ok bool, err error)

func (*Certinator) ConfigureCRL

func (c *Certinator) ConfigureCRL(name string, vaultUrl string) (err error)

ConfigureCRL configures the CA and CRL URLs for the mount. Equivalent to running 'vault write <name>/config/urls issuing_certificates=<vaultUrl>/v1/<name>/ca crl_distribution_points=<vaultUrl>/v1/<name>/crl'. These URLs are embedded in the certificates the CA issues (AIA and CRL distribution point), so vaultUrl must be the address that certificate consumers can actually reach — not a loopback or internal-only address.

func (*Certinator) CreateCA

func (c *Certinator) CreateCA(name string) (err error)

CreateCA creates a CA mount. Equivalent of running 'vault secrets enable -path=<name> -description="<description>" -max-lease-ttl=43800h pki' (the TTL is DEFAULT_CA_MAX_LEASE). This only enables the PKI secrets engine; the CA certificate itself is produced separately by GenerateCaCert.

func (*Certinator) CreateCerts

func (c *Certinator) CreateCerts(caName string, requests []CertificateRequest) (certs CertificateBundle, err error)

func (*Certinator) CreateIssuingRole

func (c *Certinator) CreateIssuingRole(caName string, role CertificateIssuingRole) (err error)

CreateIssuingRole creates a role with which to issue certificates. Equivalent to running 'vault write <caName>/roles/<roleName> allowed_domains="<domain>" allow_subdomains="true" max_ttl="8760h" ttl="8760h" allow_ip_sans=true allow_localhost=true', with the values presumably taken from the corresponding CertificateIssuingRole fields. allow_subdomains, allow_ip_sans and allow_localhost each widen what the role may sign for; keep them false unless the certificate consumers need them.

func (*Certinator) DeleteCA

func (c *Certinator) DeleteCA(name string) (err error)

DeleteCA deletes a CA. Equivalent of running 'vault secrets disable <name>'. This is destructive: disabling the mount discards its stored data, including the CA key and its issued-certificate records.

func (*Certinator) FetchCRL

func (c *Certinator) FetchCRL(caName string) (crlPem []byte, err error)

func (*Certinator) GenerateCaCert

func (c *Certinator) GenerateCaCert(name string, cn string, exported bool) (secret *api.Secret, err error)

GenerateCaCert generates the CA certificate. Equivalent to running 'vault write <name>/root/generate/internal common_name=<common name> ttl=43800h' or, when exported is true, 'vault write <name>/root/generate/exported common_name=<common name> ttl=43800h'. It returns the secret Vault generated. With exported=true that secret contains the CA private key, which from then on exists outside Vault — treat it as highly sensitive and never log or persist it unprotected. With exported=false the key never leaves Vault.

func (*Certinator) InitVault

func (c *Certinator) InitVault() (err error)

func (*Certinator) ListCAs

func (c *Certinator) ListCAs() (cas []string, err error)

func (*Certinator) ListCerts

func (c *Certinator) ListCerts(caName string) (certs []string, err error)

func (*Certinator) RevokeCert

func (c *Certinator) RevokeCert(cn string, ca string) (revoked []string, err error)

func (*Certinator) RotateCRL

func (c *Certinator) RotateCRL(caName string) (err error)

func (*Certinator) TuneCA

func (c *Certinator) TuneCA(name string) (err error)

TuneCA tunes the CA mount. Equivalent of running 'vault secrets tune -max-lease-ttl=43800h <name>' (the TTL is presumably DEFAULT_CA_MAX_LEASE).

func (*Certinator) UnsealVault

func (c *Certinator) UnsealVault() (err error)

func (*Certinator) UsingRootToken

func (c *Certinator) UsingRootToken() (ok bool, err error)

func (*Certinator) VaultInitialized

func (c *Certinator) VaultInitialized() (ok bool, err error)

func (*Certinator) VaultSealed

func (c *Certinator) VaultSealed() (ok bool, err error)

func (*Certinator) VaultStatus

func (c *Certinator) VaultStatus() (status *api.SealStatusResponse, err error)
