diff --git a/README.md b/README.md index 0fa2fbd..2227d35 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,14 @@ The tool is designed to be used from the command line. It has a simple command s lab-ca [options] ``` -There are two commands available: +The main commands available are: -- `initca` - initialize a new CA - this command creates a new CA and a self-signed CA certificate. -- `issue` - issue a new certificate - this command creates a new certificate signed by the CA. +- `initca` — Initialize a new CA and create a self-signed CA certificate. +- `issue` — Issue a new certificate signed by the CA. +- `provision` — Provision multiple certificates from a batch file (HCL) in one go. +- `revoke` — Revoke a certificate by name or serial number. +- `crl` — Generate a Certificate Revocation List (CRL) from revoked certificates. +- `version` — Show version information for the tool. Run the command with `-h` or `--help` or without any arguments to see the usage information. Each command has its own set of options, arguments, and a help message. 
@@ -70,35 +74,47 @@ The `paths` block defines where the command will store the generated certificate > **NOTE:** The command does not encrypt private keys. It is not designed to be used in a production environment. -## Certificate Issuance +## Certificate Issuance and Provisioning -To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use batch mode and provide a file with certificate definitions. +To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use the `provision` command to provide a file with multiple certificate definitions for batch processing. -The definition file also uses HCL syntax. Here is an example of a certificate definition: +The definition file also uses HCL syntax. Here is an example of a certificate definition file: ```hcl defaults { - subject = "{{ .Name }}.example.com" - type = "server" + subject = "{{ .Name }}.example.org" + type = "server" validity = "1y" - san = ["DNS:{{ .Name }}.example.com"] + san = ["DNS:{{ .Name }}.example.org"] } -certificate "grafana" { - # from default: subject = "{{ .Name }}.example.com" # result: grafana.example.com - # from default: type = "server" - # from default: validity = "1y" - # from default: san = ["DNS:{{ .Name }}.example.com"] # result: [ "DNS:grafana.example.com" ] +variables = { + Domain = "example.net" + Country = "EX" } -certificate "loki" { - subject = "{{ .Name }}.example.net" # result: loki.example.net +certificate "service1" { + # from default: subject = "{{ .Name }}.example.org" # from default: type = "server" # from default: validity = "1y" - san = ["DNS:{{ .Name }}.example.net"] # result: [ "DNS:loki.example.net" ] + # from default: san = ["DNS:{{ .Name }}.example.org"] +} + +certificate "service2" { + subject = "{{ .Name }}.example.net" + # from default: type = "server" + # from default: validity = "1y" + san = ["DNS:{{ .Name }}.example.net"] +} + 
+certificate "service3" {} + +certificate "service4" { + subject = "{{ .Name }}.{{ .Domain }}" + san = ["DNS:{{ .Name }}.{{ .Domain }}"] } ``` -Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name. +Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name, and variables from the `variables` map can be used in templates as well. You can use DNS or IP SANs for server certificates (`server` and `server-only`), and email SANs for email certificates (`email`). The command will check if the SAN is valid based on the type of certificate. diff --git a/main.go b/main.go index f8d4208..465dd9b 100644 --- a/main.go +++ b/main.go @@ -200,7 +200,8 @@ func main() { } func printMainHelp() { - fmt.Println("lab-ca - Certificate Authority Utility") + fmt.Printf("lab-ca - Certificate Authority Utility\n") + fmt.Printf("Version: %s\n", Version) fmt.Println() fmt.Println("Usage:") fmt.Println(" lab-ca [options]") 
@@ -208,10 +209,10 @@ func printMainHelp() { fmt.Println("Available commands:") fmt.Println(" initca Generate a new CA certificate and key") fmt.Println(" issue Issue a new certificate") - fmt.Println(" version Show version information") - fmt.Println(" crl Generate a Certificate Revocation List (CRL)") + fmt.Println(" provision Provision certificates from a batch file (HCL)") fmt.Println(" revoke Revoke a certificate by name or serial number") - fmt.Println(" provision Provision certificates from a batch file (HCL)") + fmt.Println(" crl Generate a Certificate Revocation List (CRL)") + fmt.Println(" version Show version information") fmt.Println() fmt.Println("Use 'lab-ca --help' for more information about a command.") }
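Review bot: In the first README hunk the `revoke` entry says a certificate can be revoked by name or serial number, but neither it nor the `crl` entry says where the revocation record is kept or that `crl` has to be re-run after each `revoke` for the revocation to appear in a published list; since `crl` is described as generating the list "from revoked certificates", a one-line note such as "Revocations are only published once `crl` is run again" would spare users a stale CRL. Also, "The main commands available are:" suggests more commands exist than the six listed; if this is the complete set, say "The available commands are:".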
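Review bot: The second README hunk removes the `# result: ...` annotations from the batch example, so the reader can no longer see what a templated `subject` or `san` expands to, and the new `variables` map is defined with `Domain = "example.net"` while `service2` hard-codes the same `example.net`, which blurs the difference between overriding a default and referencing a variable; suggest restoring the result comments (e.g. `# result: service4.example.net`) and giving `service2` a different literal, or making it use `{{ .Domain }}`. `Country = "EX"` is declared but never referenced in the example, so the text should either drop it or state which field it feeds. Finally, the paragraph "The command will check if the SAN is valid based on the type of certificate" should say whether that check runs on the rendered SAN, since with templates such as `DNS:{{ .Name }}.{{ .Domain }}` a wrong variable value would only be caught after expansion.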
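Review bot: In the first main.go hunk, `fmt.Printf("lab-ca - Certificate Authority Utility\n")` has a constant format string and no arguments, so the original `fmt.Println(...)` should be kept and `fmt.Printf` used only for the `Version: %s` line; `go vet` and linters flag `Printf` calls without arguments. The hunk references a package-level `Version` that this patch does not define; the pre-existing `version` command suggests it already exists, but please confirm it is set (for example at build time) rather than left as an empty string, otherwise the banner prints "Version: ".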
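Review bot: The second main.go hunk reorders the command list to match the README, which is good, but the unchanged footer line `fmt.Println("Use 'lab-ca --help' for more information about a command.")` points at the global help rather than at per-command help; given the README states that each command has its own options and help message, change it to read `lab-ca <command> --help` (or whatever invocation the subcommand parser actually accepts). The wording for `initca` also differs between the two files ("Generate a new CA certificate and key" here versus "Initialize a new CA and create a self-signed CA certificate" in the README); pick one description and use it in both places.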