Documentation
Overview
Package cert has helpers for managing certificates in our services.
The primary helper is the Cert struct, which manages a single TLS certificate. It has functions for getting a *tls.Config to create a TLS listener, and it automatically watches the certificate files and reloads the certificate whenever they change. It also provides functions for atomically replacing the certificate, so it can be swapped with zero downtime.
Types
type Cert
type Cert struct {
// contains filtered or unexported fields
}
Cert represents a single certificate.
func New
New initializes a certificate from a PEM-encoded certificate and private key written to disk. It loads the initial certificate and sets up file watchers that reload the certificate when the files change.
func TestCert
func TestCert(t testing.T) *Cert
TestCert returns a valid self-signed certificate for testing.
func (*Cert) Close
Close implements io.Closer. This must be called to properly clean up resources associated with watching for certificate changes.
func (*Cert) GetCertificate
func (c *Cert) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate implements the GetCertificate callback for tls.Config and can be used to get the latest certificate at all times.
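The reload pattern described above, as an added sketch that is not this package's own code: a GetCertificate callback reads an atomically swapped certificate, and a reload that fails to parse leaves the previous certificate serving. The names `reloader`, `Reload` and `selfSignedPEM` are hypothetical, and the certificate pair is constructed in memory rather than watched on disk.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// reloader is a hypothetical stand-in for Cert, not the package's own code.
type reloader struct{ cur atomic.Pointer[tls.Certificate] }
// GetCertificate runs once per handshake, so new connections get the latest pair.
func (r *reloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.cur.Load(), nil
}

// Reload swaps atomically; a pair that fails to parse or match is rejected.
func (r *reloader) Reload(certPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(certPEM, keyPEM)
	if err == nil {
		r.cur.Store(&c)
	}
	return err
}

// selfSignedPEM builds a constructed, throwaway pair with the given serial.
func selfSignedPEM(serial int64) (certPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	kb, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kb})
}

func main() {
	r := &reloader{}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: r.GetCertificate}
	c, k := selfSignedPEM(1)
	fmt.Println("load:", r.Reload(c, k), "| truncated reload:", r.Reload(c[:40], k))
	cur, _ := cfg.GetCertificate(nil)
	fmt.Println("still serving after the failed reload:", cur != nil)
}
```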