https://github.com/coinbase/baseca
- Host: GitHub
- URL: https://github.com/coinbase/baseca
- Owner: coinbase
- License: apache-2.0
- Created: 2023-06-02T20:38:05.000Z (almost 3 years ago)
- Default Branch: master
- Last Pushed: 2024-04-19T12:20:47.000Z (about 2 years ago)
- Last Synced: 2025-03-24T10:38:41.757Z (about 1 year ago)
- Language: Go
- Size: 2.58 MB
- Stars: 23
- Watchers: 6
- Forks: 5
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
README

## Overview
`baseca` is a `gRPC` service that acts as a Public Key Infrastructure (PKI) control plane, issuing short-lived X.509 certificates at runtime using attestation.
### Use Cases
`baseca` integrates with AWS Private CA and acts as both a management layer and a Certificate Authority; instead of issuing leaf certificates directly from Private CA, `baseca` issues and manages Subordinate Certificate Authorities from the upstream CA, which are used to sign requests depending on the [`scope`](docs/SCOPE.md) of a service account.
- Client Authentication
- Server Authentication
- Code Signing

### Running `baseca`
- [`Architecture`](docs/ARCHITECTURE.md)
- [`Getting Started`](docs/GETTING_STARTED.md)
- [`Production Deployment`](docs/PRODUCTION_DEPLOYMENT.md)
- [`baseca gRPC Methods`](docs/ENDPOINTS.md)
### Benefits
- Short-Lived Certificates with Ephemeral Private Key Material
- No Limits on Number of Issued Certificates
- Protects Issuance of Certificates Based on Scope
- Supports Node Attestation
- Supports Issuance from On-Prem and Multi-Cloud