broadinstitute / puppet-certs

SSL Certificate File Management for Puppet
BSD 3-Clause "New" or "Revised" License

Add ability to define certificate contents via YAML files #105

Closed bschonec closed 1 year ago

bschonec commented 1 year ago

It would be nice to be able to create the public and private cert/key files via a definition in Hiera. The public key can be defined in clear text and the private key could be defined via eyaml encryption.

linuxmail commented 1 year ago

hi,

that works already, as in this example:

...
certs::sites:
  'example.com':
    service: false
    dhparam: true
    dhparam_content: "%{hiera('example_dh_2048')}"
    dhparam_file: 'dh_2048.pem'
    dhparam_dir: '/etc/ssl/private'
    ca_name: "digicert_sha256_2020_ca1"
    ca_cert: true
    ca_content: "%{hiera('digicert_tls_rsa_sha256_2020_ca1')}"
    cert_chain: true
    chain_path: '/etc/ssl/private'
    chain_name: "example_chain"
    chain_content: "%{hiera('wildcard_example_cert')}%{hiera('digicert_tls_rsa_sha256_2020_ca1')}"
    cert_content: "%{hiera('wildcard_example_cert')}"
    cert_mode: '0640'
    group: 'ssl-cert'
    key_content: "%{hiera('wildcard_example_key')}"
    key_mode: '0640'
...

wildcard_example_cert: |
  -----BEGIN CERTIFICATE-----
  MIIGuTCCBaGgAwIBAgIQD4uhXDRfP7w9hohPiDC1bzANBgkqhkiG9w0BAQsFADBP
  MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSkwJwYDVQQDEyBE
...
  -----END CERTIFICATE-----
#!
...
wildcard_example_key: DEC(155)::GPG[-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAw3bX1F8SiKkV+FAppFSrBHnq8lhGZcFTe5cmCjKzBl5TcCAx
...

Same for key / certs / dh ...

cu denny
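As an added example (not code from the puppet-certs project or from this thread), a small Python pre-commit check that walks the top-level keys of a Hiera data file and reports any private key stored in clear text instead of as eyaml `ENC[...]` ciphertext; the Hiera content below is constructed, and the key names are hypothetical. Note that the `DEC(155)::GPG[...]` form shown above is eyaml's edit-mode view; what is written to disk is `ENC[GPG,...]`, which is what the check accepts.

```python
import re

# Constructed Hiera data (not from the issue): a certificate in clear text,
# a private key correctly stored as eyaml ciphertext, and a private key that
# was committed in clear text by mistake. None of the values are real.
SAMPLE_HIERA = """\
wildcard_example_cert: |
  -----BEGIN CERTIFICATE-----
  MIIBexampleCertificateBodyNotReal
  -----END CERTIFICATE-----
wildcard_example_key: ENC[GPG,hQEMAexampleCiphertextNotReal]
leaked_example_key: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIJexampleKeyBodyNotReal
  -----END RSA PRIVATE KEY-----
"""

TOP_LEVEL_KEY_RE = re.compile(r"^([^\s#][^:]*):\s*(.*)$")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
EYAML_ENC_RE = re.compile(r"^\s*ENC\[[A-Za-z0-9]+,")  # eyaml ciphertext marker

def top_level_values(text):
    """Yield (key, value_text) for each top-level Hiera key, keeping block
    scalars (the '|' style used for PEM data) together with their key."""
    key, lines = None, []
    for line in text.splitlines():
        m = TOP_LEVEL_KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, "\n".join(lines)
            key, lines = m.group(1), [m.group(2)]
        elif key is not None:
            lines.append(line.strip())
    if key is not None:
        yield key, "\n".join(lines)

def audit_private_keys(text):
    """Return {hiera_key: status} for every value that looks like key material:
    'eyaml' when it is ENC[...] ciphertext, 'clear' when a PEM private key
    header appears in plain text. Certificates and CA bundles are ignored."""
    report = {}
    for key, value in top_level_values(text):
        if EYAML_ENC_RE.match(value):
            report[key] = "eyaml"
        elif PRIVATE_KEY_RE.search(value):
            report[key] = "clear"
    return report

def find_plaintext_private_keys(text):
    """Hiera keys that would leak a private key if this file were committed."""
    return [k for k, status in audit_private_keys(text).items() if status == "clear"]

if __name__ == "__main__":
    for key in find_plaintext_private_keys(SAMPLE_HIERA):
        print(f"clear-text private key under Hiera key: {key}")
```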

bschonec commented 1 year ago

Thank you for the information. I have created both public and private certs using your help.