{"id":15722877,"url":"https://github.com/soerenschneider/vault-pki-cli","last_synced_at":"2026-02-14T04:03:04.796Z","repository":{"id":37898156,"uuid":"461981593","full_name":"soerenschneider/vault-pki-cli","owner":"soerenschneider","description":"Automate PKI operations","archived":false,"fork":false,"pushed_at":"2025-02-18T22:02:08.000Z","size":880,"stargazers_count":4,"open_issues_count":13,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-04T03:50:03.591Z","etag":null,"topics":["authentication","automation","certificate","certificate-authority","certificates","cli","hashicorp-va","kubernetes","pki","vault","x509","x509certificates","zero-trust"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soerenschneider.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-02-21T18:19:57.000Z","updated_at":"2025-09-01T20:56:52.000Z","dependencies_parsed_at":"2023-10-10T20:21:23.734Z","dependency_job_id":"1fa10cb8-2ce0-4a04-82a5-fc229514efe3","html_url":"https://github.com/soerenschneider/vault-pki-cli","commit_stats":null,"previous_names":[],"tags_count":36,"template":false,"template_full_name":null,"purl":"pkg:github/soerenschneider/vault-pki-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fvault-pki-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fvault-pki-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fvault-pki-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fvault-pki-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soerenschneider","download_url":"https://codeload.github.com/soerenschneider/vault-pki-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soerenschneider%2Fvault-pki-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29435415,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T03:34:37.767Z","status":"ssl_error","status_checked_at":"2026-02-14T03:34:09.092Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","automation","certificate","certificate-authority","certificates","cli","hashicorp-va","kubernetes","pki","vault","x509","x509certificates","zero-trust"],"created_at":"2024-10-03T22:09:34.538Z","updated_at":"2026-02-14T04:03:04.781Z","avatar_url":"https://github.com/soerenschneider.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vault-pki-cli\n[![Go Report Card](https://goreportcard.com/badge/github.com/soerenschneider/vault-pki-cli)](https://goreportcard.com/report/github.com/soerenschneider/vault-pki-cli)\n![test-workflow](https://github.com/soerenschneider/vault-pki-cli/actions/workflows/test.yaml/badge.svg)\n![release-workflow](https://github.com/soerenschneider/vault-pki-cli/actions/workflows/release-container.yaml/badge.svg)\n![golangci-lint-workflow](https://github.com/soerenschneider/vault-pki-cli/actions/workflows/golangci-lint.yaml/badge.svg)\n\n## Features\n\n🔐 Issues, signs and revokes x509 certificates\u003cbr/\u003e\n🔑 Reads ACME certs written by [acmevault](https://github.com/soerenschneider/acmevault) (e.g. issued by LetsEncrypt)\u003cbr/\u003e\n⛓  Reads the CA / CA chain of a PKI\u003cbr/\u003e\n📖 Reads the CRL of a PKI\u003cbr/\u003e\n📝 Supports DER and PEM formats\u003cbr/\u003e\n⏰ Automatically renews certificates based on its lifetime\u003cbr/\u003e\n🛂 Authenticate against Vault using Kubernetes, AppRole, (explicit) token or _implicit_ auth\u003cbr/\u003e\n🗂 Supports multiple _sinks_: Kubernetes, plain files, in-memory\u003cbr/\u003e\n💻 Runs effortlessly both on your workstation's CLI via command line flags or automated via systemd and config files on your server\u003cbr/\u003e\n🔭 Provides metrics to increase observability for robust automation\u003cbr/\u003e\n\n## Why would I need this?\n\nmTLS is a strong and proven authentication mechanism and vault-pki-cli deals with some of its challenges\n\n| mTLS challenges            | How vault-pki-cli can help                                                                                             |\n|----------------------------|------------------------------------------------------------------------------------------------------------------------|\n| Certificate Management     | Dramatically removes complexity for issuing, renewing, and revoking certificates and downloading CRLs                  |\n| Key Distribution           | Safely distributes certificates using Vault's API                                                                      |\n| Revocation Challenges      | Revocation is easy and can be performed automatically                                                                  |\n| Key Storage                | Observability and automation allows for short-lived certificates to limit the blast-radius of compromised certificates |\n| Certificate Expiration     | Unless Vault is down, certificates are automatically renewed after a user-defined threshold passes                     |\n\n\n## Installation\n\n### Docker / Podman\n````shell\n$ docker run ghcr.io/soerenschneider/vault-pki-cli:main\n````\n\n### Binaries\nHead over to the [prebuilt binaries](https://github.com/soerenschneider/vault-pki-cli/releases) and download the correct binary for your system.\n\n### From Source\nAs a prerequesite, you need to have [Golang SDK](https://go.dev/dl/) installed. After that, you can install vault-pki-cli from source by invoking:\n```text\n$ go install github.com/soerenschneider/vault-pki-cli@latest\n```\n\n## Changelog\n\nThe full changelog can be found [here](CHANGELOG.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoerenschneider%2Fvault-pki-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoerenschneider%2Fvault-pki-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoerenschneider%2Fvault-pki-cli/lists"}