Documentation
Overview
Package ssh installs certificates into flat files on a remote host, using SSH/SCP.
Index
- func New(v *viper.Viper) (encryptomatic.Installer, error)
- type Installer
- func (i *Installer) Cleanup(ctx context.Context) (err error)
- func (i *Installer) GenerateCSR(ctx context.Context) (*x509.CertificateRequest, error)
- func (i *Installer) GetCertificate(ctx context.Context) (*x509.Certificate, error)
- func (i *Installer) SetCertificate(ctx context.Context, caBundle []*x509.Certificate, cert *x509.Certificate, ...) (err error)
Constants
This section is empty.
Variables
This section is empty.
Functions
Types
type Installer
type Installer struct {
	// Host is the remote hostname to connect to.
	Host string

	// Port is the remote port to connect to. Defaults to 22 if not set.
	Port int

	// User is the username to use when connecting.
	User string

	// SSHPrivateKey is a path to the SSH private key to use when connecting.
	SSHPrivateKey string `mapstructure:"ssh_private_key"`

	// HostFingerprint is the OpenSSH SHA-256 fingerprint of the remote server.
	// If blank, then this Installer will fail when creating a connection with the fingerprint in the error message.
	HostFingerprint string `mapstructure:"host_fingerprint"`

	// FullChain is the path on disk to write the entire certificate chain to, including the leaf certificate and any intermediates provided by the server.
	// If empty, no file will be written.
	FullChain string `mapstructure:"full_chain"`

	// Chain is the path to write the certificate chain to, not including the end entity certificate.
	// If empty, no file will be written.
	Chain string `mapstructure:"chain"`

	// EndEntity is the path on disk to write the certificate to.
	// If empty, no file will be written.
	EndEntity string `mapstructure:"end_entity"`

	// FullPrivateChain is the path on disk to write a bundle to, in a format suitable for HAProxy. This is FullChain with PrivateKey concatenated.
	// If empty, no file will be written.
	FullPrivateChain string `mapstructure:"full_private_chain"`

	// PrivateKey is the path on disk to write the private key to.
	// If empty, no file will be written.
	// If CertificateRequest is populated, this field is ignored and no file will be written.
	PrivateKey string `mapstructure:"private_key"`

	// If this flag is true, private keys will be written with 0666 (before umask), rather than 0600.
	// Set at your own risk.
	InsecurePrivateKey bool `mapstructure:"insecure_private_key"`

	// CertificateRequest is the path on disk to read a certificate request from.
	// If empty, a certificate request and private key will be automatically generated.
	CertificateRequest string `mapstructure:"certificate_request"`

	// BeforeCmd is a command to execute before writing the new certificate.
	// If empty, no command will be run.
	BeforeCmd string `mapstructure:"before_cmd"`

	// AfterCmd is a command to execute after writing the new certificate.
	// If empty, no command will be run.
	AfterCmd string `mapstructure:"after_cmd"`

	// contains filtered or unexported fields
}
Installer writes certificates to files on a remote server in various formats.
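The HostFingerprint field pins the server's host key by its OpenSSH SHA-256 fingerprint, and a blank value fails the connection while reporting the fingerprint the server presented. The following is an added example, not this package's code: a standard-library implementation of that check, in which checkHostKey, fingerprintSHA256, sshString and constructedHostKey are hypothetical names and the host key is constructed from a fixed seed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// sshString encodes b as an SSH wire-format string: uint32 length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// fingerprintSHA256 formats a key blob the way OpenSSH does: "SHA256:" + unpadded base64 digest.
func fingerprintSHA256(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// checkHostKey (hypothetical) rejects a blank pin and any mismatch. The blank-pin error
// carries the observed fingerprint so it can be verified out of band, then configured.
func checkHostKey(pinned string, presented []byte) error {
	got := fingerprintSHA256(presented)
	if pinned == "" {
		return fmt.Errorf("host_fingerprint not set; server presented %s", got)
	}
	if subtle.ConstantTimeCompare([]byte(pinned), []byte(got)) != 1 {
		return fmt.Errorf("host key mismatch: presented %s, pinned %s", got, pinned)
	}
	return nil
}

// constructedHostKey returns a sample ed25519 host key blob built from a fixed, constructed seed.
func constructedHostKey(fill byte) []byte {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{fill}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	return append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
}

func main() {
	key := constructedHostKey(0x01)
	fmt.Println(checkHostKey("", key)) // blank pin: fails and reports the fingerprint
	fmt.Println(checkHostKey(fingerprintSHA256(key), constructedHostKey(0x02)))
}
```

A fingerprint taken from the blank-pin error is only trustworthy once it has been compared against a value obtained on the server itself, for example from `ssh-keygen -lf` on the host key file.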
func (*Installer) GenerateCSR
GenerateCSR reads a CSR off disk, if one has been provided.
func (*Installer) GetCertificate
GetCertificate retrieves the current certificate from disk, or nil if none exists.
func (*Installer) SetCertificate
func (i *Installer) SetCertificate(ctx context.Context, caBundle []*x509.Certificate, cert *x509.Certificate, pkey crypto.PrivateKey) (err error)
SetCertificate installs the provided certificate into the provided files.