{"id":50803382,"url":"https://github.com/databus23/go-mtls-keychain","last_synced_at":"2026-06-12T22:33:32.137Z","repository":{"id":362902629,"uuid":"1260400972","full_name":"databus23/go-mtls-keychain","owner":"databus23","description":null,"archived":false,"fork":false,"pushed_at":"2026-06-05T14:05:48.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T14:08:55.927Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/databus23.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-05T13:04:22.000Z","updated_at":"2026-06-05T14:05:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/databus23/go-mtls-keychain","commit_stats":null,"previous_names":["databus23/go-mtls-keychain"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/databus23/go-mtls-keychain","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databus23%2Fgo-mtls-keychain","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databus23%2Fgo-mtls-keychain/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databus23%2Fgo-mtls-keychain/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databus23%2Fgo-mtls-keychain/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/databus23","download_url":"https://codeload.github.com/databus23/go-mtls-keychain/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databus23%2Fgo-mtls-keychain/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34265491,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-12T22:33:31.331Z","updated_at":"2026-06-12T22:33:32.112Z","avatar_url":"https://github.com/databus23.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# go-mtls-keychain\n\nA Go library that creates an `*http.Transport` configured with a client certificate from the system certificate store, identified by Common Name. Zero external dependencies.\n\n## Usage\n\n```go\nimport keychain \"github.com/databus23/go-mtls-keychain\"\n\n// Create a transport using a certificate from the system store\ntransport, close, err := keychain.Transport(\"MyCertCommonName\")\nif err != nil {\n    log.Fatal(err)\n}\ndefer close()\n\n// Use with any http.Client\nclient := \u0026http.Client{Transport: transport}\nresp, err := client.Get(\"https://mtls.example.com/api\")\n```\n\n## Platform Support\n\n| Platform | Certificate Store | Status |\n|----------|------------------|--------|\n| macOS    | Keychain (Security framework) | ✅ Supported |\n| Windows  | Windows Certificate Store (CNG / CryptoAPI) | ✅ Supported |\n| Linux    | — | ❌ Not supported (no system certificate store) |\n\n## Vendored certstore\n\nThis library includes a vendored copy of the [`certstore`](https://github.com/github/smimesign/tree/main/certstore) package from [github/smimesign](https://github.com/github/smimesign) with a fix for RSA-PSS signature support. The `github.com/pkg/errors` dependency has been replaced with stdlib `errors`/`fmt` to keep this library dependency-free.\n\n**Why:** The upstream `certstore` package does not support RSA-PSS signatures (`*rsa.PSSOptions`), which are required for TLS 1.3 client authentication. Without this fix, using a system certificate for mTLS against any TLS 1.3 server results in `tls: error decrypting message`.\n\n**Upstream PR:** https://github.com/github/smimesign/pull/173\n\n**When this can be removed:** Once the upstream PR is merged and a new release of `github.com/github/smimesign` is published, the vendored `internal/certstore` package can be replaced with a direct import of the upstream package. At that point the only changes needed are:\n\n1. Replace the `internal/certstore` import with `github.com/github/smimesign/certstore`\n2. Remove the `internal/certstore/` directory\n3. Add the upstream module to `go.mod`\n\n## License\n\nThe vendored `internal/certstore` code is from [github/smimesign](https://github.com/github/smimesign) and is subject to its [MIT license](internal/certstore/LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabus23%2Fgo-mtls-keychain","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatabus23%2Fgo-mtls-keychain","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabus23%2Fgo-mtls-keychain/lists"}