ssh

package
v0.0.0-...-1867f9a
Warning

This package is not in the latest version of its module.

Published: Aug 9, 2017 | License: Apache-2.0 | Imports: 15 | Imported by: 1

Documentation

Overview

Package ssh installs certificates into flat files on a remote host, using SSH/SCP.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

Types

type Installer

type Installer struct {
	// Host is the remote hostname to connect to.
	Host string

	// Port is the remote port to connect to. Defaults to 22 if not set.
	Port int

	// User is the username to use when connecting.
	User string

	// SSHPrivateKey is a path to the SSH private key to use when connecting.
	SSHPrivateKey string `mapstructure:"ssh_private_key"`

	// HostFingerprint is the OpenSSH SHA-256 fingerprint of the remote server.
	// If blank, this Installer fails when creating a connection, and the error message contains the fingerprint the server presented.
	HostFingerprint string `mapstructure:"host_fingerprint"`

	// FullChain is the path on disk to write the entire certificate chain to, including the leaf certificate and any intermediates provided by the server.
	// If empty, no file will be written.
	FullChain string `mapstructure:"full_chain"`

	// Chain is the path to write the certificate chain to, not including the end entity certificate.
	// If empty, no file will be written.
	Chain string `mapstructure:"chain"`

	// EndEntity is the path on disk to write the certificate to.
	// If empty, no file will be written.
	EndEntity string `mapstructure:"end_entity"`

	// FullPrivateChain is the path on disk to write a bundle to, in a format suitable for HAProxy. This is FullChain with PrivateKey concatenated.
	// If empty, no file will be written.
	FullPrivateChain string `mapstructure:"full_private_chain"`

	// PrivateKey is the path on disk to write the private key to.
	// If empty, no file will be written.
	// If CertificateRequest is populated, this field is ignored and no file will be written.
	PrivateKey string `mapstructure:"private_key"`

	// If this flag is true, private keys will be written with 0666 (before umask), rather than 0600.
	// Set at your own risk.
	InsecurePrivateKey bool `mapstructure:"insecure_private_key"`

	// CertificateRequest is the path on disk to read a certificate request from.
	// If empty, a certificate request and private key will be automatically generated.
	CertificateRequest string `mapstructure:"certificate_request"`

	// BeforeCmd is a command to execute before writing the new certificate.
	// If empty, no command will be run.
	BeforeCmd string `mapstructure:"before_cmd"`

	// AfterCmd is a command to execute after writing the new certificate.
	// If empty, no command will be run.
	AfterCmd string `mapstructure:"after_cmd"`
	// contains filtered or unexported fields
}

Installer writes certificates to files on a remote server in various formats.
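
The HostFingerprint behaviour described in the struct comments, as an added example (not this package's own code): it derives the OpenSSH SHA-256 fingerprint from a host key in SSH wire format and fails closed when the pin is blank or does not match. CheckHostKey and SampleHostKey are hypothetical names, and the sample key is constructed from a fixed seed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// Fingerprint returns the OpenSSH-style SHA-256 fingerprint of a public key
// in SSH wire format: "SHA256:" + unpadded base64 of the SHA-256 digest.
func Fingerprint(wireKey []byte) string {
	sum := sha256.Sum256(wireKey)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// CheckHostKey (hypothetical helper) fails closed: a blank pin is an error that
// reports the observed fingerprint, and only an exact match returns nil.
func CheckHostKey(pinned string, wireKey []byte) error {
	got := Fingerprint(wireKey)
	if pinned == "" {
		return fmt.Errorf("no host fingerprint configured; server presented %s", got)
	}
	if subtle.ConstantTimeCompare([]byte(pinned), []byte(got)) != 1 {
		return fmt.Errorf("host key mismatch: pinned %s, server presented %s", pinned, got)
	}
	return nil
}

// SampleHostKey builds a constructed ssh-ed25519 key blob from a fixed seed.
func SampleHostKey(seedByte byte) []byte {
	seed := bytes.Repeat([]byte{seedByte}, ed25519.SeedSize)
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	var buf bytes.Buffer
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		binary.Write(&buf, binary.BigEndian, uint32(len(field))) // length prefix
		buf.Write(field)
	}
	return buf.Bytes()
}

func main() {
	key := SampleHostKey(1)
	fmt.Println(CheckHostKey("", key))               // blank pin: error names the fingerprint
	fmt.Println(CheckHostKey(Fingerprint(key), key)) // correct pin: no error
}
```

A fingerprint reported by the blank-pin error should be compared against one obtained out of band before it is copied into the configuration.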

func (*Installer) Cleanup

func (i *Installer) Cleanup(ctx context.Context) (err error)

Cleanup closes any dangling SSH or SFTP connections.

func (*Installer) GenerateCSR

func (i *Installer) GenerateCSR(ctx context.Context) (*x509.CertificateRequest, error)

GenerateCSR reads a CSR off disk, if one has been provided.

func (*Installer) GetCertificate

func (i *Installer) GetCertificate(ctx context.Context) (*x509.Certificate, error)

GetCertificate retrieves the current certificate from disk, or nil if none exists.

func (*Installer) SetCertificate

func (i *Installer) SetCertificate(ctx context.Context, caBundle []*x509.Certificate, cert *x509.Certificate, pkey crypto.PrivateKey) (err error)

SetCertificate installs the provided certificate into the provided files.
