EdgeCA
EdgeCA is an ephemeral, in-memory CA providing service mesh machine identities, automating the management and issuance of TLS certificates.
It provides developers with a fast, easy, and integrated source of machine identities whilst also providing security teams with the required policy and oversight.
It also enables ephemeral certificate-based authorization, which reduces the need for permanent access credentials, explicit access revocation or traditional SSH key management.
It is easy to install and simple to use.
edgeca server
starts up EdgeCA as a server, which supports mTLS gRPC, GraphQL and Envoy SDS as different ways of providing machine identities.
edgeca gencsr
generates a CSR file
edgeca gencert
connects to the EdgeCA Server using mTLS gRPC to sign a CSR request and provide a certificate and private key.
EdgeCA can run in a number of modes.
- It can generate a self-signed Root CA certificate.
- You can provide the Root CA certificate to use.
- EdgeCA can connect to the Venafi vCert TPP backend to get an issuing certificate, which is then used to generate certificates locally.
- It is also possible to disable completely all local certificate signing and have EdgeCA pass all signing requests directly on to the Venafi back-end.
EdgeCA is a flexible open source solution, written in Go, and licenced with the Apache 2.0 Licence
For more information see the EdgeCA Wiki pages.
The easiest way to install the application is to use snaps
snap install edgeca
Alternatively, use Docker
docker pull edgesec/edgeca
or build EdgeCA from source:
git clone https://github.com/edgesec-org/edgeca.git
cd edgeca
make
Contributing to EdgeCA
EdgeCA is an open source project currently in early development stages. We welcome and appreciate all contributions from the developer community.
Please read our documentation on contributing for more information. To report a problem or share an idea, create an Issue and then use Pull Requests to contribute bug fixes or proposed enhancements. Got questions? Join us on Slack!
License
Copyright 2020-2021 © EdgeSec Ltd. All rights reserved.
EdgeCA is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.