{"id":37169355,"url":"https://github.com/devon-mar/acmevault","last_synced_at":"2026-01-14T19:59:53.958Z","repository":{"id":46962427,"uuid":"508515088","full_name":"devon-mar/acmevault","owner":"devon-mar","description":"Obtain certificates from an ACME CA and store them in Vault.","archived":false,"fork":false,"pushed_at":"2026-01-10T05:29:01.000Z","size":456,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-01-11T01:37:22.108Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devon-mar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-06-29T02:08:36.000Z","updated_at":"2026-01-10T05:29:00.000Z","dependencies_parsed_at":"2026-01-03T11:06:29.893Z","dependency_job_id":null,"html_url":"https://github.com/devon-mar/acmevault","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/devon-mar/acmevault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devon-mar%2Facmevault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devon-mar%2Facmevault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devon-mar%2Facmevault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devon-mar%2Facmevault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devon-mar","download_url":"https://codeload.github.com/devon-mar/acmevault/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devon-mar%2Facmevault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28434069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T18:57:19.464Z","status":"ssl_error","status_checked_at":"2026-01-14T18:52:48.501Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T19:59:53.231Z","updated_at":"2026-01-14T19:59:53.951Z","avatar_url":"https://github.com/devon-mar.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# acmevault\n\nObtain certificates from an ACME CA and store them in Vault.\n\n## Environment Variables\n\n| Variable | Type | Required | Default | Description |\n|---|---|---|---|---|\n| `AV_CERTS` | string | true | | The certificates to obtain. See [AV_CERTS](#AV_CERTS). |\n| `ACME_TOS_AGREED` | bool | true | | Set to true to agree to the ACME CA tos. |\n\n#### `AV_CERTS`\nEach certificate is separated by a new line.\nEach line consists of a comma separated list of domains. The first domain will be used for the certificate CN.\nOptional comma separated key value pairs can follow:\n| Key | Type | Default | Description |\n|---|---|---|---|\n| `keytype` | string | RSA2048 | The key type to use. |\n| `reusekey` | bool | false | Reuse the private key when renewing a certificate. |\n| `muststaple` | bool | false | Enable the OCSP must staple extension. |\n\n**Example**:\n```\nexample.com,www.example.com,reusekey=false\ntest.example.com,muststaple=true,keytype=EC256\n```\n\n### Vault\n\n| Variable | Type | Required | Default | Description |\n|---|---|---|---|---|\n| `VAULT_KV_MOUNT` | string | true | | Vault KVv2 mount path. |\n| `VAULT_KV_CERTS_PATH` | string | true | | Path to store the certificates. The certificate CN will be appended. |\n| `VAULT_KV_ACCOUNT_PATH` | string | true | | KVv2 path to store the ACME account. |\n| `VAULT_CACERT` | string | false | | The path to a PEM-encoded CA cert file to use to verify the Vault server SSL certificate. |\n| `VAULT_CLIENT_CERT` | string | false | | Vault client certificate. |\n| `VAULT_CLIENT_KEY` | string | false | | Vault client private key. |\n| `VAULT_CERT_AUTH` | string | false | | Vault cert auth path. |\n| `VAULT_CERT_AUTH_ROLE` | string | false | | Vault cert auth role. |\n\n### ACME\n\n| Variable | Type | Required | Default | Description |\n|---|---|---|---|---|\n| `ACME_EMAIL` | string | true | | The email to use for the ACME account. |\n| `ACME_DIR_URL` | string | true | | The ACME CA directory url. (`https://acme-v02.api.letsencrypt.org/directory` for Let's Encrypt) .\n| `ACME_DNS01_PROVIDER` | string | true | | The Lego DNS01 [provider](https://go-acme.github.io/lego/dns/) to use or `temptxt`. |\n| `ACME_DNS_RESOLVERS` | string | false | false | Comma separated DNS resolvers to use for checking DNS record propogation. |\n| `ACME_DISABLE_COMPLETE_PROPAGATION` | bool | false | false | Disable DNS complete propogation check. |\n\n### TempTXT DNS01 Provider\n\n| Variable | Type | Required | Default | Description |\n|---|---|---|---|---|\n| `TEMPTXT_URL` | string | true | | The update URL. |\n| `TEMPTXT_CERT` | string | false | | The client certificate to use. |\n| `TEMPTXT_KEY` | string | false | | The client private key to use. |\n| `TEMPTXT_CA` | string | false | | Optional CA to verify the server's SSL certificate. |\n| `TEMPTXT_STRIP_ACME_CHALLENGE` | bool | false | | Strip `_acme-challenge.` from the domain when presenting it to the temptxt server. |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevon-mar%2Facmevault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevon-mar%2Facmevault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevon-mar%2Facmevault/lists"}