mirror/stackexchange-dnscontrol
1
0
Fork 0
mirror of https://github.com/StackExchange/dnscontrol.git synced 2024-05-11 05:55:12 +00:00
Code Issues Releases Activity

creds.json should not be executable under Windows (#1456)

Browse Source 
* Skip CAA flag test for LINODE

* Require go 1.18

* Update CCI to use go 1.18

* go mod tidy

* working

* Update creds.json docs

* go generate
This commit is contained in:
Tom Limoncelli
2022-03-25 15:20:30 -04:00
committed by GitHub
parent 52a8964564
commit ffe21c6e6d
7 changed files with 123 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
docs/creds-json.md Normal file
View File

@@ -0,0 +1,67 @@
---
layout: default
title: creds.json file format
---
# creds.json
When dnscontrol interacts with a provider, any API keys, credentials, or other
configuration parameters required are stored in `creds.json`. The file contains a set of key/value pairs for each configuration. That is, since a provider can be used multiple times with different credentials, the file contains a section for each set of credentials.
Here's a sample file:
```json
{
"cloudflare_tal": {
"apikey": "REDACTED",
"apiuser": "REDACTED"
},
"inside": {
"directory": "inzones",
"filenameformat": "db_%T%?_%D"
},
"hexonet": {
"apilogin": "$HEXONET_APILOGIN",
"apipassword": "$HEXONET_APIPASSWORD",
"debugmode": "$HEXONET_DEBUGMODE",
"domain": "$HEXONET_DOMAIN"
}
}
```
# Format
* Primary keys: (e.g. `cloudflare_tal`, `inside`, `hexonet`)
* ...refer to the first parameter in the `NewRegistrar()` or `NewDnsProvider()` functions in a dnsconfig.js file.
* ...may include any printable character except colon (`:`)
* Convention: all lower case, usually the name of the provider or the username at the provider or both.
* Subkeys: (e.g. `apikey`, `apiuser` and etc.)
* ...are whatever the provider specifies.
* ...can be credentials, secrets, or configuration settings. In the above examples the `inside` setting is configuration parameters for the BIND provider, not credentials.
* A missing subkey is not an error. The value is the empty string.
* Values:
* ...may include any JSON string value including the empty string.
* If a subkey starts with `$`, it is taken as an env variable. In the above example, `$HEXONET_APILOGIN` would be replaced by the value of the environment variable `HEXONET_APILOGIN` or the empty string if no such environment variable exists.
# Using a different name
The `--creds` flag allows you to specify a different file name.
* Normally the file is read as a JSON file.
* Do not end the filename with `.yaml` or `.yml` as some day we hope to support YAML.
* Rather than specifying a file, you can specify a program to be run. The output of the program must be valid JSON and will be read the same way.
* If the name begins with `!`, the remainder of the name is taken to be the command to be run.
* If the name is a file that is executable (chmod `+x` bit), it is taken as the command to be run.
* Exceptions: The `x` bit is not checked if the filename ends with `.yaml`, `.yml` or `.json`.
* Windows: Executing an external script isn't supported. There's no code that prevents it from trying, but it isn't supported.
# Don't store secrets in a Git repo!
Do NOT store secrets in a Git repository. That is not secure. For example,
storing the example `cloudflare_tal` is insecure because anyone with access to
your Git repository or the history will know your apiuser is `REDACTED`.
Removing secrets accidentally stored in Git is very difficult. You'll probably
give up and re-create the repo and lose all history.
Instead, use environment variables as in the `hexonet` example above. Use
secure means to distribute the names and values of the environment variables.

4
docs/get-certs.md
View File

@@ -5,6 +5,10 @@ title: Let's Encrypt Certificate generation
# *Let's Encrypt* Certificate generation
**WARNING: This feature
is frozen and will be removed in early 2023. The "get-certs" command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else. See discussion in [#1400](https://github.com/StackExchange/dnscontrol/issues/1400)**
DNSControl will generate/renew Let's Encrypt certificates using DNS
validation. It is not a complete certificate management system, but
can perform the renewal steps for the system you create. If you

43
docs/index.md
View File

@@ -94,6 +94,42 @@ title: DNSControl
<a href="{{site.github.url}}/migrating">Migrating</a>: Migrating zones to DNSControl
</li>
</ul>
<h2>
Commands
</h2>
<p>
DNSControl sub-commands and options.
</p>
<ul>
<!--
<li>
<a href="check-preview-push">check/preview/push</a>: dnscontrol's fundamentals
</li>
-->
<li>
<a href="creds-json.html">creds.json</a>: creds.json file format
</li>
<li>
<a href="check-creds.html">check-creds</a>: Verify credentials
</li>
<!--
<li>
<a href="create-domains">create-domains</a>: Populate domains at a provider
</li>
<li>
<a href="fmt">fmt</a>: Reformat dnsconfig.js
</li>
-->
<li>
<a href="get-zones.html">get-zones</a>: Query a provider for zone info
</li>
<li>
<a href="get-certs.html">get-certs</a>: Renew SSL/TLS certs (DEPRECATED)
</li>
</ul>
</div>
<div class="col-md-4">
<h2>
@@ -116,9 +152,6 @@ title: DNSControl
<li>
<a href="{{site.github.url}}/caa-builder">CAA Builder</a>: Build CAA records the easy way
</li>
<li>
<a href="{{site.github.url}}/get-certs">Let's Encrypt</a>: Renew your SSL/TLS certs
</li>
</ul>
</div>
<div class="col-md-4">
@@ -130,13 +163,13 @@ title: DNSControl
</p>
<ul>
<li>
<a href="{{site.github.url}}/why-the-dot">Why CNAME/MX/NS targets require a "trailing dot"</a>
<a href="{{site.github.url}}/why-the-dot">Why CNAME/MX targets require a trailing dot</a>
</li>
<li>
<a href="{{site.github.url}}/unittests">Testing</a>: Unit Testing for you DNS Data
</li>
<li>
<a href="{{site.github.url}}/notifications">Notifications</a>: Be alerted when your domains are changed
<a href="{{site.github.url}}/notifications">Notifications</a>: Web-hook for changes
</li>
<li>
<a href="{{site.github.url}}/code-tricks">Code Tricks</a>: Safely use macros and loops.