Caiyeon / goldfish

A HashiCorp Vault UI written with VueJS and Vault native Go API
https://vault-ui.io
Mozilla Public License 2.0
2.15k stars 166 forks

Certificate management #47

Open Caiyeon opened 7 years ago

Caiyeon commented 7 years ago

It's undecided whether certificates should remain in the Administration -> Users page (for obvious reasons: it's not a user).

Some things that need to be done:

- Map out the details that a certificate management should have, in the eyes of a user
- Design the page
- Design backend wrapper & handlers

rosspeoples commented 6 years ago

I have been considering starting my own Vault UI project focused more on certificate management since nothing seems to exist for it yet. I had been contributing to the Vault UI project to bring various features and improvements to it, but progress is very slow. Goldfish seems to be the only open source UI project for Vault that remains active, so I'm hoping progress can be made here.

To be honest, I am a backend Go developer and I am much better at system programming than user interfaces. I'm hoping that Goldfish could be the UI for Vault that we need. I was planning on writing a library, CLI, and service that can be used to automatically generate TLS certificates from Vault for hosts and/or services, like Goldfish gained the ability to do recently. The plan being to use Vault as an on-premise version of Let's Encrypt and associated tooling.

I started the Viper project as a way to provide a user interface to configuring the PKI backend of Vault to support hosts and services wanting to generate their own TLS certificates with short TTLs. To me, that's the functionality I would desire most over being able to generate certificates manually through a user interface.

Has there been any design/progress on this at all? Thanks.

Caiyeon commented 6 years ago

There's been no code written for this feature, if that is your question. I have some ideas, but I don't see myself having the time to write the code in the foreseeable future.

If this feature were to be implemented, it would likely be implemented from an administrative perspective (e.g. listing, reading, and updating PKI roles and configurations). Generating certificates via Goldfish will be tertiary (if at all on the radar). I don't see Goldfish improving certificate generation in any form; Vault's HTTP protocol already does a good job.

It seems that Viper is a serverless UI. If you wish to contribute to Goldfish, I should note that the design is centralized. Golang backend code serves as an API wrapper. You could contribute to PKI API wrappers, as a starting point. If you wish :)