Vault PKI Agent
Tool for auto-renewal of certificates and the CRL from Vault PKI.
Usage
Basic usage:
$ vault_pki_agent -c [CONFIG_PATH] -l [LOG_LEVEL]
The log level can be DEBUG (the default), INFO, WARNING, ERROR, or CRITICAL.
Configuration
Example:
{
  "url": "http://111.111.111.111:8200",
  "mount_point": "pki",
  "auth": {
    "method": "approle",
    "role_id": "990ff41d-0448-f5d5-e405-22c05a23f976",
    "secret_id": "92871b67-0ad6-a4d5-40cc-0d8fb64e2960"
  },
  "crl": {
    "destination": "/etc/openvpn/keys/ca.crl"
  },
  "certificates": [
    {
      "role": "server",
      "common_name": "server",
      "crt_destination": "/etc/openvpn/keys/server.crt",
      "key_destination": "/etc/openvpn/keys/server.key",
      "hook": "systemctl restart openvpn"
    }
  ]
}
Authentication
Currently, only two auth methods are implemented:
- token: You must define the token property (it can contain the root token).
- approle: You must define the role_id and secret_id properties. You can also use the role_id_file and secret_id_file properties if you want to read role_id and secret_id from files.
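The following check is an added example, not part of Vault PKI Agent: it audits a config of the shape shown above for a plaintext Vault URL, inline credentials, and a config file readable beyond its owner. The host name, file paths and placeholder IDs are constructed, and the function names are hypothetical.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Constructed sample shaped like the example config above (placeholder values).
WEAK = {
    "url": "http://vault.example.internal:8200",
    "mount_point": "pki",
    "auth": {"method": "approle", "role_id": "ROLE-ID-PLACEHOLDER",
             "secret_id": "SECRET-ID-PLACEHOLDER"},
}
# Same deployment with TLS and file-based AppRole credentials (hypothetical paths).
HARDENED = {
    "url": "https://vault.example.internal:8200",
    "mount_point": "pki",
    "auth": {"method": "approle", "role_id_file": "/etc/vault-pki-agent/role_id",
             "secret_id_file": "/etc/vault-pki-agent/secret_id"},
}


def audit_config(cfg):
    """Return a list of findings for a parsed agent config (dict)."""
    findings = []
    if urlparse(cfg.get("url", "")).scheme != "https":
        findings.append("url: not https, Vault credentials and responses travel unencrypted")
    auth = cfg.get("auth", {})
    if auth.get("method") == "token" and "token" in auth:
        findings.append("auth.token: static token stored inline in the config")
    if auth.get("method") == "approle" and "secret_id" in auth:
        findings.append("auth.secret_id: inline value, secret_id_file keeps it out of the config")
    return findings


def audit_file(path):
    """Audit a config file on disk, including its permission bits."""
    with open(path) as fh:
        cfg = json.load(fh)
    findings = audit_config(cfg)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    inline = any(k in cfg.get("auth", {}) for k in ("token", "secret_id"))
    if inline and mode & 0o077:
        findings.append(f"{path}: mode {mode:o} is accessible to group/others with inline credentials")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_config(cfg) or "no findings")
```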
Release
- Bump version in pyproject.toml and __init__.py files
- Commit changes and create git tag with new version:
$ git commit -am "Bump version"
$ git tag v0.2.0
- Build and publish new library version:
$ poetry build
$ poetry publish
- Push:
$ git push
$ git push --tags
License
Vault PKI Agent is released under the MIT License. See the LICENSE file for more details.
Source Distribution
vault-pki-agent-0.4.3.tar.gz (7.2 kB)
Built Distribution
Hashes for vault_pki_agent-0.4.3-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | d041a9aa66a1d762a9f7be12e7aa48409390f2a0433c4b661a32b3bb8c41b19d
MD5 | 8402c3c9260ed87647522daa1a13cabd
BLAKE2b-256 | 4014ba553a93542b440f3a9ea88f62d9008372e5e99581fd987dee6800f90bcb