acmevault

command module

v0.0.0-...-82d39d6 Latest Latest Go to latest Published: Jul 30, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/devon-mar/acmevault

Links

Open Source Insights

README ¶

acmevault

Obtain certificates from an ACME CA and store them in Vault.

Environment Variables

Variable	Type	Required	Default	Description
`AV_CERTS`	string	true		The certificates to obtain. See AV_CERTS.
`ACME_TOS_AGREED`	bool	true		Set to true to agree to the ACME CA tos.

`AV_CERTS`

Each certificate is separated by a new line. Each line consists of a comma separated list of domains. The first domain will be used for the certificate CN. Optional comma separated key value pairs can follow:

Key	Type	Default	Description
`keytype`	string	RSA2048	The key type to use.
`reusekey`	bool	false	Reuse the private key when renewing a certificate.
`muststaple`	bool	false	Enable the OCSP must staple extension.

Example:

example.com,www.example.com,reusekey=false
test.example.com,muststaple=true,keytype=EC256

Vault

Variable	Type	Required	Description
`VAULT_KV_MOUNT`	string	true	Vault KVv2 mount path.
`VAULT_KV_CERTS_PATH`	string	true	Path to store the certificates. The certificate CN will be appended.
`VAULT_KV_ACCOUNT_PATH`	string	true	KVv2 path to store the ACME account.
`VAULT_CA`	string	false	The path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate.
`VAULT_CLIENT_CERT_PATH`	string	false	Vault client certificate.
`VAULT_CLIENT_KEY_PATH`	string	false	Vault client private key.
`VAULT_CERT_AUTH`	string	false	Vault cert auth path.
`VAULT_CERT_AUTH_ROLE`	string	false	Vault cert auth role.

ACME

Variable	Type	Required	Default	Description
`ACME_EMAIL`	string	true		The email to use for the ACME account.
`ACME_DIR_URL`	string	true		The ACME CA directory url. (`https://acme-v02.api.letsencrypt.org/directory` for Let's Encrypt) .
`ACME_DNS01_PROVIDER`	string	true		The Lego DNS01 provider to use or `temptxt`.
`ACME_DNS_RESOLVERS`	string	false	false	Comma separated DNS resolvers to use for checking DNS record propogation.
`ACME_DISABLE_COMPLETE_PROPAGATION`	bool	false	false	Disable DNS complete propogation check.

TempTXT DNS01 Provider

Variable	Type	Required	Description
`TEMPTXT_URL`	string	true	The update URL.
`TEMPTXT_CERT`	string	false	The client certificate to use.
`TEMPTXT_KEY`	string	false	The client private key to use.
`TEMPTXT_CA`	string	false	Optional CA to verify the server's SSL certificate.
`TEMPTXT_STRIP_ACME_CHALLENGE`	bool	false	Strip `_acme-challenge.` from the domain when presenting it to the temptxt server.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cert
store

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL