GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ketchoop → letsencrypt-to-vault

ketchoop / letsencrypt-to-vault

Licence: MIT License
Renew or get Let's Encrypt certificates and send it to Hashicorp Vault

Programming Languages

shell
77523 projects

Labels

letsencryptdockervaultcertificatescontainercertbothashicorp-vaultrenew

Projects that are alternatives of or similar to letsencrypt-to-vault

Letscertbot
Let's Certbot is a tool builds automated scripts base on Certbot for obtaining, renewing, deploying SSL certificates.
Stars: ✭ 84 (+0%)
Mutual labels:  letsencrypt, certificates, certbot
certbot-dns-ovh
Certbot plugin to respond to DNS-01 challenges by updating the zone.
Stars: ✭ 20 (-76.19%)
Mutual labels:  letsencrypt, certbot
vault-demo
Walkthroughs and scripts for my @hashicorp Vault talks
Stars: ✭ 67 (-20.24%)
Mutual labels:  vault, hashicorp-vault
teamcity-hashicorp-vault-plugin
TeamCity plugin to support HashiCorp Vault
Stars: ✭ 23 (-72.62%)
Mutual labels:  vault, hashicorp-vault
vault-consul-swarm
Deploy Vault and Consul with Docker Swarm
Stars: ✭ 20 (-76.19%)
Mutual labels:  vault, hashicorp-vault
secrets cli
CLI for storing and reading your secrets via vault
Stars: ✭ 24 (-71.43%)
Mutual labels:  vault, hashicorp-vault
docker-nginx-certbot
Automatically create and renew website certificates for free using the Let's Encrypt certificate authority.
Stars: ✭ 367 (+336.9%)
Mutual labels:  letsencrypt, certbot
vault-token-helper
@hashicorp Vault Token Helper for macOS, Linux and Windows with support for secure token storage and multiple Vault servers 🔐
Stars: ✭ 74 (-11.9%)
Mutual labels:  vault, hashicorp-vault
pico
A Git-driven task runner built to facilitate GitOps and Infrastructure-as-Code while securely passing secrets to tasks.
Stars: ✭ 51 (-39.29%)
Mutual labels:  vault, hashicorp-vault
letsencrypt-inwx
A small cli utility for automating the letsencrypt dns-01 challenge for domains hosted by inwx.
Stars: ✭ 43 (-48.81%)
Mutual labels:  letsencrypt, certbot
breakglass
A command line tool to provide login credentials from Hashicorp Vault
Stars: ✭ 33 (-60.71%)
Mutual labels:  vault, hashicorp-vault
gke-vault-demo
This demo builds two GKE Clusters and guides you through using secrets in Vault, using Kubernetes authentication from within a pod to login to Vault, and fetching short-lived Google Service Account credentials on-demand from Vault within a pod.
Stars: ✭ 63 (-25%)
Mutual labels:  vault, hashicorp-vault
wat
WAT - Windows ACME Tool
Stars: ✭ 28 (-66.67%)
Mutual labels:  letsencrypt, certbot
acme
Go client library implementation for ACME v2 (RFC8555)
Stars: ✭ 77 (-8.33%)
Mutual labels:  letsencrypt, certbot
httpsbook
《深入浅出HTTPS:从原理到实战》代码示例、勘误、反馈、讨论
Stars: ✭ 77 (-8.33%)
Mutual labels:  letsencrypt, certificates
vault-puppet
Using @hashicorp Vault with Puppet
Stars: ✭ 36 (-57.14%)
Mutual labels:  vault, hashicorp-vault
k8s-vault-webhook
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
Stars: ✭ 107 (+27.38%)
Mutual labels:  vault, hashicorp-vault
vault-consul-docker
Vault + Consul + Docker
Stars: ✭ 75 (-10.71%)
Mutual labels:  vault, hashicorp-vault
rundeck-vault-plugin
Development continues here:
Stars: ✭ 17 (-79.76%)
Mutual labels:  vault, hashicorp-vault
docker-apache-letsencrypt
This docker-image contains a simple Apache webserver and supports https-encryption by great Let's Encrypt certificates!
Stars: ✭ 65 (-22.62%)
Mutual labels:  letsencrypt, certbot
View All Similar Projects ➔

letsencrypt-to-vault

Description

Let's encrypt to Hashicorp Vault

Renew or get Let's Encrypt certificates and send it to Hashicorp Vault

Usage

letsencrypt-to-vault command [-flags] [sitesnames]

Some flags can be set by env vars. Var names for this flags are in parens in flags description below

Flags

  -a, --vaul-addr Address of vault server (VAULT_ADDR)
  -f, --certbot-flags Options that are passed to certbot. Overrides default (CERTBOT_FLAGS)
  -h, --help Show help
  -p, --vault-cert-path Path where certs will be stored (VAULT_CERT_PATH)
  -t, --vault-token Vault token (VAULT_TOKEN)

Default value for certbot-flags is: --webroot --webroot-path /webroot-dir --agree-tos --renew-by-default.

How certs are stored

Path in Vault consists of: your vault cert path and site name. For example, if you have path prefix like secret/my/certs and certs for two sites one.site and another.site it will be secret/my/certs/my.site and /secret/my/certs/another.site. This script sends in Vault fullchain and privkey and save them in key and cert fields.

Docker

This docker container uses and exposes /webroot-dir(by default) for webroot plugin. You can use it to share it to your containerized proxy by volumes_from. If it's not containerized, just use -v flag to share it in place that you need(/usr/share/nginx/webroot for example).

Example:

docker run -ti -v /my/path/for-webroot:/webroot-dir ket4yii/letsencrypt-to-vault renew -t something-uuidgenerated -p secret/my/certs/certs -a http://vault.addr:8200

Kubernetes

Sample CronJob is in .kube directory. If you want to use it, just change args and volumes section in configuration if you need. Default schedule is to run the script once in a three months.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].