Abstraction for Certificate Storage (+ vault storage) (#406)

* new abstraction around storage * re-work completely to fit new acme package pre-solving paradigm * vault storage plugin * add some vendor * delete old vendor pinning mechanism
2024-05-11 05:55:12 +00:00 · 2018-10-08 16:11:19 -04:00
parent 06ee4d6fb1
commit 6764811c5f
211 changed files with 58862 additions and 376 deletions
--- a/commands/getCerts.go
+++ b/commands/getCerts.go
@ -37,6 +37,8 @@ type GetCertsArgs struct {
 	Email          string
 	AgreeTOS       bool
 	Verbose        bool
+	Vault          bool
+	VaultPath      string

 	IgnoredProviders string
 }
@ -80,6 +82,17 @@ func (args *GetCertsArgs) flags() []cli.Flag {
 		Destination: &args.AgreeTOS,
 		Usage:       `Must provide this to agree to Let's Encrypt terms of service`,
 	})
+	flags = append(flags, cli.BoolFlag{
+		Name:        "vault",
+		Destination: &args.Vault,
+		Usage:       `Store certificates as secrets in hashicorp vault instead of on disk.`,
+	})
+	flags = append(flags, cli.StringFlag{
+		Name:        "vaultPath",
+		Destination: &args.VaultPath,
+		Value:       "/secret/certs",
+		Usage:       `Path in vault to store certificates`,
+	})
 	flags = append(flags, cli.StringFlag{
 		Name:        "skip",
 		Destination: &args.IgnoredProviders,
@ -140,13 +153,21 @@ func GetCerts(args GetCertsArgs) error {
 	if err = validateCertificateList(certList, cfg); err != nil {
 		return err
 	}
+
 	acmeServer := args.ACMEServer
 	if acmeServer == "live" {
 		acmeServer = acme.LetsEncryptLive
 	} else if acmeServer == "staging" {
 		acmeServer = acme.LetsEncryptStage
 	}
-	client, err := acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
+
+	var client acme.Client
+
+	if args.Vault {
+		client, err = acme.NewVault(cfg, args.VaultPath, args.Email, acmeServer)
+	} else {
+		client, err = acme.New(cfg, args.CertDirectory, args.Email, acmeServer)
+	}
 	if err != nil {
 		return err
 	}