slawek/lab-ca
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Updated documentation.

Browse Source
This commit is contained in:
Sławek Koszewski
2025-07-28 10:44:10 +02:00
parent 0e86c49965
commit 8b103f4c0f
2 changed files with 39 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
README.md
View File

@@ -23,10 +23,14 @@ The tool is designed to be used from the command line. It has a simple command s
lab-ca <command> [options] lab-ca <command> [options]
``` ```
There are two commands available: The main commands available are:
- `initca` - initialize a new CA - this command creates a new CA and a self-signed CA certificate. - `initca` — Initialize a new CA and create a self-signed CA certificate.
- `issue` - issue a new certificate - this command creates a new certificate signed by the CA. - `issue` — Issue a new certificate signed by the CA.
- `provision` — Provision multiple certificates from a batch file (HCL) in one go.
- `revoke` — Revoke a certificate by name or serial number.
- `crl` — Generate a Certificate Revocation List (CRL) from revoked certificates.
- `version` — Show version information for the tool.
Run the command with `-h` or `--help` or without any arguments to see the usage information. Each command has its own set of options, arguments, and a help message. Run the command with `-h` or `--help` or without any arguments to see the usage information. Each command has its own set of options, arguments, and a help message.
@@ -70,35 +74,47 @@ The `paths` block defines where the command will store the generated certificate
> **NOTE:** The command does not encrypt private keys. It is not designed to be used in a production environment. > **NOTE:** The command does not encrypt private keys. It is not designed to be used in a production environment.
## Certificate Issuance ## Certificate Issuance and Provisioning
To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use batch mode and provide a file with certificate definitions. To issue a new certificate, you can use the `issue` command and specify the certificate definition on the command line, or use the `provision` command to provide a file with multiple certificate definitions for batch processing.
The definition file also uses HCL syntax. Here is an example of a certificate definition: The definition file also uses HCL syntax. Here is an example of a certificate definition file:
```hcl ```hcl
defaults { defaults {
subject = "{{ .Name }}.example.com" subject = "{{ .Name }}.example.org"
type = "server" type = "server"
validity = "1y" validity = "1y"
san = ["DNS:{{ .Name }}.example.com"] san = ["DNS:{{ .Name }}.example.org"]
} }
certificate "grafana" { variables = {
# from default: subject = "{{ .Name }}.example.com" # result: grafana.example.com Domain = "example.net"
# from default: type = "server" Country = "EX"
# from default: validity = "1y"
# from default: san = ["DNS:{{ .Name }}.example.com"] # result: [ "DNS:grafana.example.com" ]
} }
certificate "loki" { certificate "service1" {
subject = "{{ .Name }}.example.net" # result: loki.example.net # from default: subject = "{{ .Name }}.example.org"
# from default: type = "server" # from default: type = "server"
# from default: validity = "1y" # from default: validity = "1y"
san = ["DNS:{{ .Name }}.example.net"] # result: [ "DNS:loki.example.net" ] # from default: san = ["DNS:{{ .Name }}.example.org"]
}
certificate "service2" {
subject = "{{ .Name }}.example.net"
# from default: type = "server"
# from default: validity = "1y"
san = ["DNS:{{ .Name }}.example.net"]
}
certificate "service3" {}
certificate "service4" {
subject = "{{ .Name }}.{{ .Domain }}"
san = ["DNS:{{ .Name }}.{{ .Domain }}"]
} }
``` ```
Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name. Values specified in the `defaults` block will be used for all certificates unless overridden in individual certificate definitions. Go-style template syntax is also supported, so you can use `{{ .Name }}` to refer to the certificate name, and variables from the `variables` map can be used in templates as well.
You can use DNS or IP SANs for server certificates (`server` and `server-only`), and email SANs for email certificates (`email`). The command will check if the SAN is valid based on the type of certificate. You can use DNS or IP SANs for server certificates (`server` and `server-only`), and email SANs for email certificates (`email`). The command will check if the SAN is valid based on the type of certificate.

9
main.go
View File

@@ -200,7 +200,8 @@ func main() {
} }
func printMainHelp() { func printMainHelp() {
fmt.Println("lab-ca - Certificate Authority Utility") fmt.Printf("lab-ca - Certificate Authority Utility\n")
fmt.Printf("Version: %s\n", Version)
fmt.Println() fmt.Println()
fmt.Println("Usage:") fmt.Println("Usage:")
fmt.Println(" lab-ca <command> [options]") fmt.Println(" lab-ca <command> [options]")
@@ -208,10 +209,10 @@ func printMainHelp() {
fmt.Println("Available commands:") fmt.Println("Available commands:")
fmt.Println(" initca Generate a new CA certificate and key") fmt.Println(" initca Generate a new CA certificate and key")
fmt.Println(" issue Issue a new certificate") fmt.Println(" issue Issue a new certificate")
fmt.Println(" version Show version information") fmt.Println(" provision Provision certificates from a batch file (HCL)")
fmt.Println(" crl Generate a Certificate Revocation List (CRL)")
fmt.Println(" revoke Revoke a certificate by name or serial number") fmt.Println(" revoke Revoke a certificate by name or serial number")
fmt.Println(" provision Provision certificates from a batch file (HCL)") fmt.Println(" crl Generate a Certificate Revocation List (CRL)")
fmt.Println(" version Show version information")
fmt.Println() fmt.Println()
fmt.Println("Use 'lab-ca <command> --help' for more information about a command.") fmt.Println("Use 'lab-ca <command> --help' for more information about a command.")
} }