{"id":16929004,"url":"https://github.com/hslatman/caddy-keyless","last_synced_at":"2025-06-18T16:37:30.513Z","repository":{"id":54249261,"uuid":"410369398","full_name":"hslatman/caddy-keyless","owner":"hslatman","description":"A Caddy module providing Keyless SSL support","archived":false,"fork":false,"pushed_at":"2023-10-17T09:49:11.000Z","size":11189,"stargazers_count":6,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-11T17:56:33.154Z","etag":null,"topics":["caddy","caddyserver","hacktoberfest","keyless"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hslatman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-25T19:56:52.000Z","updated_at":"2023-10-17T08:43:18.000Z","dependencies_parsed_at":"2024-06-19T11:31:02.178Z","dependency_job_id":"c2ed5296-31ea-41d0-abaa-0bcf50ee85be","html_url":"https://github.com/hslatman/caddy-keyless","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/hslatman/caddy-keyless","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hslatman%2Fcaddy-keyless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hslatman%2Fcaddy-keyless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hslatman%2Fcaddy-keyless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hslatman%2Fcaddy-keyless/manifests","owner_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/owners/hslatman","download_url":"https://codeload.github.com/hslatman/caddy-keyless/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hslatman%2Fcaddy-keyless/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260590406,"owners_count":23033051,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","caddyserver","hacktoberfest","keyless"],"created_at":"2024-10-13T20:38:14.036Z","updated_at":"2025-06-18T16:37:25.434Z","avatar_url":"https://github.com/hslatman.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# caddy-keyless\n\nA Caddy module providing [Keyless SSL](https://www.cloudflare.com/ssl/keyless-ssl/) support\n\n## Description\n\nThis Caddy module provides Keyless SSL support, bringing this Cloudflare technology into self-hosted environments.\n\nIt is based on a custom `keyless` certificate loader that offloads the TLS handshake to a Keyless SSL server.\n\n*This is an early POC; things will change!*\n\n## Configuration\n\nCurrently only the Caddy JSON configuration format is supported.\nAn example TLS configuration is shown below:\n\n```json\n    \"tls\": {\n        \"certificates\": {\n            \"keyless\": {\n                \"cert\": \"/path/to/client/cert.pem\",\n                \"key\": \"/path/to/client/key.pem\",\n                \"ca\": \"/path/to/cacert.pem\",\n                \"disable_verification\": false,\n                \"server\": \"127.0.0.1:7000\",\n                \"certificates\": [\n         
           \"/path/to/keyless/certificate.crt\"\n                ]\n            }\n        }\n    }\n```\n\nThe cert, key and CA bundle are required for mTLS between Caddy and the Keyless server.\nIt is possible to disable TLS certificate validation (`disable_verification`), for example when the Keyless server uses a self-signed certificate that is not trusted, but this must not be used in production.\nThe Keyless server to contact is running on the same host on port 7000.\nThe certificates array contains paths to the certificates that are loaded by the `keyless` loader.\nTLS handshakes destined for hostnames that are in one of those certificates will be performed by the Keyless SSL server.\n\n```shell\n$ gokeyless --private-key-dirs \"/path/to/private/keys\"\n```\n\nThis module (currently) does not offer a method to automatically retrieve the certificates to serve.\nThis means that certificates for which the Keyless server manages keys should be made available to the Caddy instance using other means.\n\n## TODO\n\n* Add more configuration options and/or smarter defaults\n* Provide multiple means for loading the certs (from files, from directories, from remote, etc);\n    * Reuse the existing certificate loaders for this?\n* Implement a CertMagic issuer backed by Keyless SSL?\n    * Likely requires a layer on top of the plain Gokeyless server\n* Provide an example using Docker?\n* Caddyfile support\n* See other TODOs in code\n* ...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhslatman%2Fcaddy-keyless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhslatman%2Fcaddy-keyless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhslatman%2Fcaddy-keyless/lists"}