{"id":20148205,"url":"https://github.com/chainguard-dev/incert","last_synced_at":"2025-04-05T10:07:01.155Z","repository":{"id":153280173,"uuid":"628599987","full_name":"chainguard-dev/incert","owner":"chainguard-dev","description":"Add CA certificates into containers","archived":false,"fork":false,"pushed_at":"2025-03-25T00:43:10.000Z","size":92,"stargazers_count":144,"open_issues_count":8,"forks_count":17,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-29T09:08:00.553Z","etag":null,"topics":["ca-certificates","container","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-04-16T13:10:33.000Z","updated_at":"2025-02-25T07:24:37.000Z","dependencies_parsed_at":"2024-07-09T10:18:10.041Z","dependency_job_id":"123ff9f1-0967-4c9a-91e8-59f7df6af3b8","html_url":"https://github.com/chainguard-dev/incert","commit_stats":null,"previous_names":["dlorenc/incert","dlorenc/certko","chainguard-dev/incert"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fincert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fincert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fincert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fincert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/incert/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247318744,"owners_count":20919484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ca-certificates","container","golang"],"created_at":"2024-11-13T22:35:20.802Z","updated_at":"2025-04-05T10:07:01.137Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# incert\n\n`incert` is a Go program that appends CA certificates to Docker images and pushes the modified image to a specified registry.\n\n(this used to be named `certko`)\n\n## Installation\n\nBinaries for various architectures are available from the [releases](../../releases) page.\n\nIf you have a Go installation, you can install `incert` with the following command:\n\n```bash\n$ go install github.com/chainguard-dev/incert@latest\n```\n\nAlternatively, you can also build from source by cloning the repo and running `go build`.\n\n## Flags\n\n`incert` supports the following flags:\n\n```shell\n  -ca-certs-file string\n        The path to the local CA certificates file\n  -ca-certs-image-url string\n        The URL of an image to extract the CA certificates from\n  -dest-image-url string\n        The URL of the image to push the modified image to\n  -image-cert-path string\n        The path to the certificate file in the image (optional) (default \"/etc/ssl/certs/ca-certificates.crt\")\n  -image-url string\n        The URL of the image to append the CA certificates to\n  -output-certs-path string\n        Output the (appended) certificates file from the image to a local file (optional)\n  -owner-group-id int\n        The group ID of the owner of the certificate file in the image (optional)\n  -owner-user-id int\n        The user ID of the owner of the certificate file in the image (optional)\n  -platform string\n        The platform to build the image for (default \"linux/amd64\")\n  -replace-certs\n        Replace the certificates in the certificate file instead of appending them\n```\n\n## Example\n\nTo append a corporate CA certificate to an image, use the following command:\n\n```bash\n$ incert -image-url=mycompany/myimage:latest -ca-certs-file=/path/to/cacerts.pem -dest-image-url=myregistry/myimage:latest\n```\n\nThis will append the certificates in `/path/to/cacerts.pem` to the `mycompany/myimage:latest` image and push the modified image to `myregistry/myimage:latest`.\n\nFor security, `incert` outputs the pushed image reference (with digest) to stdout:\n\n```bash\n$ incert --image-url=gcr.io/dlorenc-chainguard/wolfi-base --ca-certs-file mycert.pem --dest-image-url gcr.io/dlorenc-chainguard/wolfi-base:new\nSuccessfully appended CA certificates to image gcr.io/dlorenc-chainguard/wolfi-base:withcerts\ngcr.io/dlorenc-chainguard/wolfi-base:withcerts@sha256:0cd4278e8072df5acd4956eb58ecba73024de47d9ceace3f0d39fb64e1b01ca6\n```\n\n## Authentication\n\nincert uses standard Docker credential helpers for authentication.\nTo configure your credential helper, please follow the instructions in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/#credential-helpers).\n\n## Certificate Formats\n\nCertificate files should be pem encoded and ready to append to a list of other pem certificates.\nThey should look something like this:\n\n```\n-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL\nBQAwQzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4x\nFjAUBgNVBAMTDXZUcnVzIFJvb3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMx\nMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoGA1UEChMTaVRydXNDaGluYSBDby4s\nTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\nggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZotsSKYc\nIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU\nAyyNJJrIZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+\nGrPSbcKvdmaVayqwlHeFXgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z9\n8Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KAYPxMvDVTAWqXcoKv8R1w6Jz1717CbMdH\nflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70kLJrxLT5ZOrpGgrIDajt\nJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2AXPKBlim\n0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZN\npGvu/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQ\nUqqzApVg+QxMaPnu1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHW\nOXSuTEGC2/KmSNGzm/MzqvOmwMVO9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMB\nAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYgscasGrz2iTAPBgNVHRMBAf8E\nBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAKbqSSaet\n8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd\nnxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1j\nbhd47F18iMjrjld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvM\nKar5CKXiNxTKsbhm7xqC5PD48acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIiv\nTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJnxDHO2zTlJQNgJXtxmOTAGytfdELS\nS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554WgicEFOwE30z9J4nfr\nI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4sEb9\nb91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNB\nUvupLnKWnyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1P\nTi07NEPhmg4NpGaXutIcSkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929ven\nsBxXVsFy6K2ir40zSbofitzmdHxghm+Hl3s=\n-----END CERTIFICATE-----\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fincert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fincert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fincert/lists"}