This PR implements automatic issue and renewal of TLS certificates as well as a bunch of improvements and fixes to the existing security infra.
Auto-certs. We now automatically get a new TLS cert for Nginx from Let's Encrypt. We also automatically renew it when it expires.
Local CA. We've implemented a certificate authority for testing auto-certs locally without connecting to Let's Encrypt.
Vault. We've reimplemented vaultgen to be able to handle deps among files and re-encrypting existing files with a different key. Also, vaultgen now generates its own CA cert and uses that to sign other certs it generates.
Other. Many small fixes and tweaks to login, encryption and password files.