{"id":22924401,"url":"https://github.com/lawndoc/capy","last_synced_at":"2025-05-12T23:45:49.657Z","repository":{"id":38889000,"uuid":"362523570","full_name":"lawndoc/CAPy","owner":"lawndoc","description":"A Certificate Authority microservice that can generate server/client certificates through an API interface","archived":false,"fork":false,"pushed_at":"2024-07-03T19:20:05.000Z","size":54,"stargazers_count":7,"open_issues_count":5,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-01T04:51:08.384Z","etag":null,"topics":["api","authentication","certificate","certificate-authority","client-certificate","container","encryption","flask","microservice","signed","ssl","ssl-certificates","tls","tls-certificate","x509"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lawndoc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-04-28T15:43:33.000Z","updated_at":"2024-01-19T10:28:12.000Z","dependencies_parsed_at":"2024-12-14T08:29:02.002Z","dependency_job_id":"f9522956-1ea9-4827-92b0-d5f2230a44dc","html_url":"https://github.com/lawndoc/CAPy","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FCAPy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FCAPy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FCAPy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lawndoc%2FCAPy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lawndoc","download_url":"https://codeload.github.com/lawndoc/CAPy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253843167,"owners_count":21972868,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","certificate","certificate-authority","client-certificate","container","encryption","flask","microservice","signed","ssl","ssl-certificates","tls","tls-certificate","x509"],"created_at":"2024-12-14T08:28:53.475Z","updated_at":"2025-05-12T23:45:49.635Z","avatar_url":"https://github.com/lawndoc.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CAPy\r\nA Certificate Authority microservice that can generate server/client certificates through an API interface\r\n\r\n![Build/Tests](https://github.com/lawndoc/CAPy/actions/workflows/build-test.yml/badge.svg)\r\n[![Codecov](https://codecov.io/gh/lawndoc/CAPy/branch/main/graph/badge.svg)](https://codecov.io/gh/lawndoc/CAPy)\r\n\r\nIt currently does not provide any kind of authentication mechanism, so NAC and container network configuration are extremely important in deploying this service.\r\n\r\n## Functionality\r\n\r\nBasic API calls provided:\r\n\r\n- GET `/ca/root-trust` -\u003e get root CA certificate for establishing trust\r\n- GET `/ca/host-certificate` -\u003e get new host certificate signed by CA\r\n\r\nTODO / Not yet implemented:\r\n\r\n- POST `/ca/csr` -\u003e generic certificate signing request (optionally supply own public key)\r\n- POST `/ca/revoke-certificate` -\u003e revoke certificate\r\n- GET `/ca/revoke-certificate` -\u003e check if cert has been revoked\r\n- OCSP server for clients to check if cert has been revoked via OCSP\r\n\r\n## Deployment\r\n\r\nCAPy requires the following environment variables to run properly:\r\n\r\n| Variable Name | Description | Required | Default Value |\r\n| --- | --- | --- | --- |\r\n| CA_NAME | Name of the certificate authority | No | CAPy Root CA |\r\n| CA_CERT_DIR | Directory within the container to save certificates | No | /opt/CAPy/CA |\r\n| PROXY_DOMAIN | Domain that the CA is creating certificates for | Yes | |\r\n| PGID | Container user GID; used for volume file permissions | Yes | |\r\n| PUID | Container user UID; used for volume file permissions | Yes | |\r\n| SECRET_KEY | Secret key for encryption; make sure this value is complex and protected | Yes | |\r\n\r\nCAPy also requires a volume mounted at the CA_CERT_DIR location to be able to persist certificates across runs.\r\n\r\nThe following docker-compose file provides example deployment code:\r\n\r\n```\r\nversion: \"3.9\"\r\nservices:\r\n  capy:\r\n    container_name: \"capy\"\r\n    image: ghcr.io/lawndoc/capy:main\r\n    volumes:\r\n      - ./volumes/capy:/opt/CAPy/CA     # make sure this matches CA_CERT_DIR\r\n    networks:\r\n      - backend\r\n    restart: always\r\n    environment:\r\n      CA_NAME: \"MyOrg CA\"               # optional\r\n      CA_CERT_DIR: \"/opt/CAPy/CA\"       # optional\r\n      PGID: 1001\r\n      PROXY_DOMAIN: example.com\r\n      PUID: 1000\r\n      SECRET_KEY: ${SECRET_KEY}\r\nnetworks:\r\n  backend:\r\n```\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flawndoc%2Fcapy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flawndoc%2Fcapy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flawndoc%2Fcapy/lists"}