{"id":15167110,"url":"https://github.com/lkubb/salt-private-ca-formula","last_synced_at":"2026-01-21T04:06:35.933Z","repository":{"id":65719946,"uuid":"577097072","full_name":"lkubb/salt-private-ca-formula","owner":"lkubb","description":"Manage a private Certificate Authority with Salt.","archived":false,"fork":false,"pushed_at":"2024-11-13T23:31:13.000Z","size":335,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-09T03:29:55.916Z","etag":null,"topics":["certificate-authority","devops","homelab","saltstack","saltstack-formula","x509"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lkubb.png","metadata":{"files":{"readme":"docs/README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-12T00:13:16.000Z","updated_at":"2024-11-13T23:31:17.000Z","dependencies_parsed_at":"2023-12-26T16:35:58.729Z","dependency_job_id":"6c830f39-195d-4b3b-8f45-cd61eba39dda","html_url":"https://github.com/lkubb/salt-private-ca-formula","commit_stats":{"total_commits":40,"total_committers":1,"mean_commits":40.0,"dds":0.0,"last_synced_commit":"fce4ce79a98b8246df555e1285694d7d12223861"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lkubb/salt-private-ca-formula","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lkubb%2Fsalt-private-ca-formula","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lkubb%2Fsalt-private-ca-formula/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lkubb%2Fsalt-private-ca-formula/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lkubb%2Fsalt-private-ca-formula/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lkubb","download_url":"https://codeload.github.com/lkubb/salt-private-ca-formula/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lkubb%2Fsalt-private-ca-formula/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28625926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T02:47:06.670Z","status":"ssl_error","status_checked_at":"2026-01-21T02:45:44.886Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["certificate-authority","devops","homelab","saltstack","saltstack-formula","x509"],"created_at":"2024-09-27T05:24:44.739Z","updated_at":"2026-01-21T04:06:35.907Z","avatar_url":"https://github.com/lkubb.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":".. _readme:\n\nPrivate CA Formula\n==================\n\n|img_sr| |img_pc|\n\n.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg\n   :alt: Semantic Release\n   :scale: 100%\n   :target: https://github.com/semantic-release/semantic-release\n.. |img_pc| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\n   :alt: pre-commit\n   :scale: 100%\n   :target: https://github.com/pre-commit/pre-commit\n\nManage a private Certificate Authority with Salt.\n\nNote that this formula contains rewritten ``x509`` modules which will become\navailable in Salt v3006 by default. See `#63099 \u003chttps://github.com/saltstack/salt/pull/63099\u003e`_.\n\n.. contents:: **Table of Contents**\n   :depth: 1\n\nGeneral notes\n-------------\n\nSee the full `SaltStack Formulas installation and usage instructions\n\u003chttps://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html\u003e`_.\n\nIf you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section\n\u003chttps://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html#writing-formulas\u003e`_.\n\nIf you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,\nwhich contains the currently released version. This formula is versioned according to `Semantic Versioning \u003chttp://semver.org/\u003e`_.\n\nSee `Formula Versioning Section \u003chttps://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html#versioning\u003e`_ for more details.\n\nIf you need (non-default) configuration, please refer to:\n\n- `how to configure the formula with map.jinja \u003cmap.jinja.rst\u003e`_\n- the ``pillar.example`` file\n- the `Special notes`_ section\n\nSpecial notes\n-------------\n* One parameter is required: ``pca:ca:minion_id``.\n* To make full use of your private CA, make sure to allow peer communication in your Salt master configuration:\n\n.. code-block:: yaml\n\n   peer:\n     # you can restrict this with minion ID globbing\n     .*:\n       - x509.sign_remote_certificate\n\n* You will also need to define ``x509_signing_policies`` in your CA minion config/pillar. See the `state module documentation \u003chttps://docs.saltproject.io/en/latest/ref/states/all/salt.states.x509.html\u003e`_ for further details.\n\nConfiguration\n-------------\nAn example pillar is provided, please see `pillar.example`. Note that you do not need to specify everything by pillar. Often, it's much easier and less resource-heavy to use the ``parameters/\u003cgrain\u003e/\u003cvalue\u003e.yaml`` files for non-sensitive settings. The underlying logic is explained in `map.jinja`.\n\n\nAvailable states\n----------------\n\nThe following states are found in this formula:\n\n.. contents::\n   :local:\n\n\n``pca``\n^^^^^^^\nAlways ensures the Salt CA is present in the system's CA bundle\nand thus trusted.\n\nIf the configured CA minion's ID matches this minion's ID,\nincludes `pca.ca`_ as well.\n\n\n``pca.base``\n^^^^^^^^^^^^\nEnsures an existing Salt CA is trusted.\nPulls the root certificate to trust from the mine.\n\nShould work for Linux/BSD and MacOS. For the latter,\nthis requires the `macprofile module \u003chttps://github.com/lkubb/salt-tool-macos-formula\u003e`_,\nwhich will install the necessary profile interactively.\n\n\n``pca.ca``\n^^^^^^^^^^\nConfigures a certificate authority:\n\n* creates a root certificate or a CSR, if not ``ca:self_signed``\n* if not ``ca:self_signed``, saves the configured root certificate\n* publishes the root certificate to the mine\n\n\n``pca.clean``\n^^^^^^^^^^^^^\nDoes nothing currently.\n\n\n\nContributing to this repo\n-------------------------\n\nCommit messages\n^^^^^^^^^^^^^^^\n\n**Commit message formatting is significant!**\n\nPlease see `How to contribute \u003chttps://github.com/saltstack-formulas/.github/blob/master/CONTRIBUTING.rst\u003e`_ for more details.\n\npre-commit\n^^^^^^^^^^\n\n`pre-commit \u003chttps://pre-commit.com/\u003e`_ is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes.\nFirst install  the ``pre-commit`` package manager using the appropriate `method \u003chttps://pre-commit.com/#installation\u003e`_, then run ``bin/install-hooks`` and\nnow ``pre-commit`` will run automatically on each ``git commit``. ::\n\n  $ bin/install-hooks\n  pre-commit installed at .git/hooks/pre-commit\n  pre-commit installed at .git/hooks/commit-msg\n\nState documentation\n~~~~~~~~~~~~~~~~~~~\nThere is a script that semi-autodocuments available states: ``bin/slsdoc``.\n\nIf a ``.sls`` file begins with a Jinja comment, it will dump that into the docs. It can be configured differently depending on the formula. See the script source code for details currently.\n\nThis means if you feel a state should be documented, make sure to write a comment explaining it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flkubb%2Fsalt-private-ca-formula","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flkubb%2Fsalt-private-ca-formula","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flkubb%2Fsalt-private-ca-formula/lists"}