https://github.com/alta/insecure
Secure your dev servers, insecurely!
https://github.com/alta/insecure
go golang insecure-by-default tls tls-certificate
Last synced: 3 months ago
JSON representation
Secure your dev servers, insecurely!
- Host: GitHub
- URL: https://github.com/alta/insecure
- Owner: alta
- License: mit
- Created: 2021-04-22T16:23:33.000Z (about 5 years ago)
- Default Branch: main
- Last Pushed: 2026-01-23T00:21:37.000Z (5 months ago)
- Last Synced: 2026-01-23T16:46:02.159Z (5 months ago)
- Topics: go, golang, insecure-by-default, tls, tls-certificate
- Language: Go
- Homepage:
- Size: 55.7 KB
- Stars: 48
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Insecure
[](https://pkg.go.dev/github.com/alta/insecure) [](https://github.com/alta/insecure/actions)
Generate deterministic [TLS certificates](https://golang.org/pkg/crypto/tls/) for local [Go](https://golang.org/) development servers. The certificates use a [P-256 ECDSA private key](https://csrc.nist.gov/csrc/media/events/workshop-on-elliptic-curve-cryptography-standards/documents/papers/session6-adalier-mehmet.pdf) generated with a total lack of randomness.
Optionally, the certificates generated by this package will be signed by your local [mkcert](https://github.com/FiloSottile/mkcert) root CA. See the [mkcert docs](https://github.com/FiloSottile/mkcert) for more information.
## Why?
So your browser can trust a single certificate from your development servers, and dev/test with TLS. **Do not use in production.**
## Install
`go get github.com/alta/insecure`
### Local CA
This package works with [mkcert](https://github.com/FiloSottile/mkcert) to generate certificates that are signed by your machine’s local certificate authority (CA). To use this feature, run `mkcert -install` on your development machine before generating a certificate.
## Usage
Get a TLS certificate suitable for `localhost`, `127.0.0.1`, etc:
```go
cert, err := insecure.Cert()
```
Get a TLS certificate for a specific set of [subject alternative names](https://en.wikipedia.org/wiki/Subject_Alternative_Name):
```go
cert, err := insecure.Cert("crowbar.local", "::1", "192.168.0.42")
```
Get a certificate pool that trusts `cert`, useful for building `net/http` clients that call other services using `cert`:
```go
pool, err := insecure.Pool(cert)
```
## Note
Seriously, do not use this in production.
## Author
Originally developed by [@cee-dub](https://github.com/cee-dub) for Alta Software LLC.
This package includes functions adapted from [mkcert](https://github.com/FiloSottile/mkcert). Neither the authors of mkcert nor Google, Inc. have promoted or endorsed this project.