acmevault

module
v1.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 23, 2024 License: Apache-2.0

README

acmevault

Go Report Card test-workflow release-workflow golangci-lint-workflow

Features

🔐 Issues certificates from any ACME provider, such as Let's Encrypt
⏰ Automatically renews certificates before they expire
🔌 Stores all data inside Vault and thus decouples from clients

Why would I need this?

Problem Statement

Rolling out TLS encryption shouldn't need to be pitched anymore (even for internal services). Using the DNS01 ACME challenge is proven and allows issuing certs non-public routable machines. On the other hand, you need to have access to either highly-privileged/narrowly-scoped credentials of your DNS provider to solve these DNS01 challenges.

In the case of Route53, if you don't want to end up creating dozens of hosted zones, one for each of your subdomains, you're at risk of leaking highly-privileged IAM credentials.

Acmevault requests short-lived IAM credentials for Route53 and uses them to perform DNS01 challenges for the configured domains and writes the issued X509 certificates to Hashicorp Vault's K/V secret store - only readable by the appropriate AppRole.

Its client mode reads the respective written certificates from Vault and installs them to a preconfigured location, optionally invoking post-installation hooks.

Overview

Overview

Installation

Docker / Podman
$ git clone https://github.com/soerenschneider/acmevault
$ cd acmevault
$ docker run -v $(pwd)/contrib:/config ghcr.io/soerenschneider/acmevault -conf /config/server.json
Binaries

Download a prebuilt binary from the releases section for your system.

From Source

As a prerequisite, you need to have Golang SDK installed. Then you can install acmevault from source by invoking:

$ go install github.com/soerenschneider/acmevault@latest

Configuration

See the configuration section for examples and configuration reference.

Observability

See the metrics section for an overview of exposed metrics.

Changelog

See the full changelog here

Directories

Path Synopsis
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL