Open daurnimator opened 4 years ago
All of the necessary things live in the $XDG_CONFIG_HOME/mtls
.
Your key can be found at $XDG_CONFIG_HOME/mtls/$USER.key.gpg
(which you would need to decrypt of course).
Then the Client and Root certificate can be found at $XDG_CONFIG_HOME/mtls/<server-name>/<server-name>.pem
and $XDG_CONFIG_HOME/mtls/<server-name>/<server-name>_Root_CA.pem
.
Your key is encrypted to your PGP key mostly for safety reasons.
A mtls proxy
command could be added as a separate option, but you wouldn't be able to wrap another command and keep the key old decrypted in memory to my knowledge
I'd love a subcommand e.g. mtls run logcli
that would
rm -rf
it while keeping an open handle to the directory)logcli
command from the config file, which might be e.g.:
#!/bin/sh
export LOKI_CLIENT_KEY_PATH=/dev/fd/3
export LOKI_CLIENT_CERT_PATH=/dev/fd/4
export LOKI_CA_CERT_PATH=/dev/fd/5
exec logcli "$@"
How can I use logcli to access a loki instance behind mtls?
Loki supports the env vars:
So the right wrapper/alias should work?