encryptomatic

package module
v0.0.0-...-1867f9a Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 9, 2017 License: Apache-2.0 Imports: 15 Imported by: 0

README

encryptomatic

encryptomatic is a utility for automatically issuing and renewing TLS certificates using the ACME protocol.

It is primarily designed for the task of issuing and installing TLS certificates on devices which may not themselves support ACME, such as on FreeNAS and on HP Integrated Lights Out (ILO) systems, but also supports installing certificates on the local disk and on remote machines.

Supported Endpoints

  • Local filesystem (file)
  • Remote server via SSH (ssh)
  • FreeNAS (freenas)
  • HP ILO2 (hpilo2)
  • DigitalOcean LoadBalancers (digitalocean)

Supported Domain Control Verification Methods

  • Cloudflare DNS (cloudflare)
  • DigitalOcean DNS (digitalocean)

Documentation

Overview

Package encryptomatic handles granting SSL certificates via ACME to devices which may not natively support that.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterInstaller 

func RegisterInstaller(name string, installer InstallerFactory)

func RegisterVerifier 

func RegisterVerifier(name string, verifier VerifierFactory)

Types

type CSRGenerator 

type CSRGenerator interface {
	GenerateCSR(ctx context.Context) (*x509.CertificateRequest, error)
}

CSRGenerator represents an endpoint which can generate its own certificate request/private key pair.

type CertificateRequest 

type CertificateRequest struct {
	// Targets are the target devices which this certificate should be installed on.
	Targets []Installer

	// Names are the domains which this certificate should be requested for.
	Names []string

	// Key is the private key to use to sign the request. If nil, a private key will be generated.
	Key crypto.PrivateKey

	// Request is the pre-generated, pre-signed request. If set, Names and Key will be ignored.
	Request *x509.CertificateRequest
}

CertificateRequest describes a request for a single certificate.

type Encryptomatic 

type Encryptomatic struct {
	// Verifiers is a slice of the available verifiers. They should each implement one of the available verification APIs.
	Verifiers []Verifier

	// Client is the acme.Client to use to retrieve certificates.
	// It should already have been registered with the directory, and the Terms-of-Service agreed to.
	Client acmeClient
}

Encryptomatic ties together Verifiers, a Client, and CertificateRequests.

func (*Encryptomatic) Request 

func (e *Encryptomatic) Request(ctx context.Context, reqs []CertificateRequest) error

Request requests certificates for the provided CertificateRequests.

type Installer 

type Installer interface {
	SetCertificate(ctx context.Context, caBundle []*x509.Certificate, cert *x509.Certificate, privKey crypto.PrivateKey) error
	GetCertificate(ctx context.Context) (*x509.Certificate, error)
}

Installer represents a method of installing a certificate onto a device.

type InstallerFactory 

type InstallerFactory func(v *viper.Viper) (Installer, error)

type Registry 

type Registry struct {
	// contains filtered or unexported fields
}
var (
	DefaultRegistry *Registry = nil
)

func (*Registry) Installer 

func (r *Registry) Installer(name string, v *viper.Viper) (Installer, error)

func (*Registry) Verifier 

func (r *Registry) Verifier(name string, v *viper.Viper) (Verifier, error)

type Verifier 

type Verifier interface {
	CanVerify(ctx context.Context, name string) (bool, error)
}

Verifier represents a method of asserting control over a domain. They should implement one of the more-specific interfaces, such as VerifierDNS01.

type VerifierDNS01 

type VerifierDNS01 interface {
	Verifier
	VerifyDNS01Record(ctx context.Context, name, value string) error
}

VerifierDNS01 is a Verifier that supports asserting domain control using the ACME dns-01 method (i.e. the creation of a TXT record).

type VerifierFactory 

type VerifierFactory func(v *viper.Viper) (Verifier, error)

Source Files

View all Source files

Directories

Path Synopsis
base
digitalocean
Package digitalocean adds some convenience methods to the DigitalOcean API.
 Package digitalocean adds some convenience methods to the DigitalOcean API.
cmd
encryptomatic command
Package encryptoutil provides some useful X.509 utilities.
 Package encryptoutil provides some useful X.509 utilities.
installer
digitalocean
Package digitalocean handles installing certificates to load balancers.
 Package digitalocean handles installing certificates to load balancers.
file
Package file installs certificates into flat files on disk.
 Package file installs certificates into flat files on disk.
freenas
Package freenas installs certificates on a FreeNAS 11 server.
 Package freenas installs certificates on a FreeNAS 11 server.
hpilo2
Package hpilo2 allows installation of SSL certificates on HP ILO2 machines.
 Package hpilo2 allows installation of SSL certificates on HP ILO2 machines.
ssh
Package ssh installs certificates into flat files on a remote host, using SSH/SCP.
 Package ssh installs certificates into flat files on a remote host, using SSH/SCP.
verifier
cloudflare
Package cloudflare automates verification of domain control using Cloudflare's API.
 Package cloudflare automates verification of domain control using Cloudflare's API.
digitalocean
Package digitalocean handles responding to DNS-01 ACME challenges using DigitalOcean domains.
 Package digitalocean handles responding to DNS-01 ACME challenges using DigitalOcean domains.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.