{"id":19039900,"url":"https://github.com/cert-manager/csi-lib","last_synced_at":"2025-04-23T20:50:45.747Z","repository":{"id":37077218,"uuid":"369616907","full_name":"cert-manager/csi-lib","owner":"cert-manager","description":"A library for building CSI drivers that request certificates from cert-manager","archived":false,"fork":false,"pushed_at":"2024-11-21T09:37:49.000Z","size":447,"stargazers_count":15,"open_issues_count":11,"forks_count":12,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-04-18T05:53:55.297Z","etag":null,"topics":["kubernetes"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cert-manager.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-05-21T18:04:58.000Z","updated_at":"2025-04-14T03:46:40.000Z","dependencies_parsed_at":"2023-01-19T11:02:14.248Z","dependency_job_id":"ce18981e-beda-4ef5-a6f1-be95b31b8bce","html_url":"https://github.com/cert-manager/csi-lib","commit_stats":{"total_commits":149,"total_committers":9,"mean_commits":"16.555555555555557","dds":"0.44966442953020136","last_synced_commit":"bff76660c0a7288b185ec888313cd97b228664e2"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcsi-lib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcsi-lib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcsi-lib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cert-manager%2Fcsi-lib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cert-manager","download_url":"https://codeload.github.com/cert-manager/csi-lib/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250398514,"owners_count":21424000,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes"],"created_at":"2024-11-08T22:19:26.574Z","updated_at":"2025-04-23T20:50:45.725Z","avatar_url":"https://github.com/cert-manager.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png\" height=\"256\" width=\"256\" alt=\"cert-manager project logo\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://godoc.org/github.com/cert-manager/csi-lib\"\u003e\u003cimg src=\"https://godoc.org/github.com/cert-manager/csi-lib?status.svg\" alt=\"cert-manager/csi-lib godoc\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n# cert-manager-csi-lib\n\nA library for building [CSI drivers](https://kubernetes-csi.github.io/docs/)\nwhich interact with [cert-manager's](https://github.com/cert-manager/cert-manager)\nCertificateRequest API.\n\n## Introduction\n\nTo provide identity documents and TLS certificates to Kubernetes Pods, a CSI\ndriver can be used which automatically provisions, rotates and exposes\ncertificates at a user-configured path on a filesystem.\n\nThis avoids user applications needing to understand how these identities are\nprocured, and allows them to be fetched from any supported cert-manager issuer.\n\nThis project is first and foremost presented as a library to better support\nthose wanting to build their own more opinionated identity provisioning drivers\nwhilst still benefiting from the support and adoption of the cert-manager\nproject.\n\nFor example, despite the vast configurability of cert-manager's\nCertificateRequest resource, you may want to restrict/dictate the options used\non the certificates (and their corresponding private key).\nThis means your security teams can be confident that these complex identity\ndocuments are being handled, configured and procured in a manner which meets\nthe organisational goals you have in place.\n\n## Goals\n\nThis library makes it easy to create your own, potentially opinionated, CSI\ndrivers.\n\nIt takes care of:\n\n- Implementing the CSI interface\n- Communicating with the Kubernetes/cert-manager API via CertificateRequests\n- Automatically rotating/renewing certificates near expiry\n- Managing private key \u0026 certificate data on disk\n- Exposing private key \u0026 certificate data to pods\n- Atomically updating written data (to avoid mismatching identity documents)\n\n## Usage\n\nAn example implementation of the CSI driver can be found in the [`example/`](./example)\nsubdirectory.\n\nThis presents a highly configurable CSI driver which allows users to configure\nthe options used when generating private keys and certificate requests using\nCSI volume attributes (specified in-line on a pod).\n\nIf you intend to implement your own CSI driver, the [`manager/interfaces.go`](./manager/interfaces.go)\nfile defines the functions and interfaces you will need to implement.\n\n## Contributing\n\nThis is a part of the cert-manager project and therefore follows the same\ncontribution workflow.\n\nPull requests are welcome, however we strongly recommend creating an issue\n**before** beginning work on your change else there will likely be additional\nrevisions/changes needed before it can be accepted.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fcsi-lib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcert-manager%2Fcsi-lib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcert-manager%2Fcsi-lib/lists"}