Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/eventstore/es-gencert-cli

Event Store Certificate Generation CLI
https://github.com/eventstore/es-gencert-cli

Last synced: 4 days ago
JSON representation

Event Store Certificate Generation CLI

Host: GitHub
URL: https://github.com/eventstore/es-gencert-cli
Owner: EventStore
License: other
Created: 2020-08-10T12:08:38.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-05-02T09:19:37.000Z (6 months ago)
Last Synced: 2024-06-19T20:50:27.722Z (5 months ago)
Language: Go
Size: 47.9 KB
Stars: 5
Watchers: 28
Forks: 7
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Event Store Certificate Generation CLI

The command line interface to ease the generation of a certificate authority and node certificates for EventStoreDB 20.6.x and above.

## Getting Started

### Releases
The latest release for the es-gencert-cli can be found under the [GitHub releases page](https://github.com/EventStore/es-gencert-cli/releases).
We releases binaries for Windows, Linux and macOS. We also publish the tool as a Docker image.

### Usage

Basic usage for es-gencert-cli:
```
./es-gencert-cli [options] [args]
```

Getting help for a specific command:

```bash
./es-gencert-cli -help
```
e.g.

```bash
./es-gencert-cli -help create-ca

Usage: create_ca [options]
Generate a root/CA TLS certificate to be used with EventStoreDB
Options:
-days The validity period of the certificate in days (default: 5 years)
-out The output directory (default: ./ca)
```

## Running with Docker

You could also run the tool using Docker interactive container:

```bash
docker run --rm -i eventstore/es-gencert-cli
```

One useful scenario is to use the tool inside the Docker Compose file to generate all the necessary certificates before starting cluster nodes. You can find an [example](https://github.com/EventStore/EventStore/blob/master/docker-compose.yml) in the EventStoreDB repository.

### Examples

Generating a certificate authority:

```bash
./es-gencert-cli create-ca -out ./es-ca
```

Generating a certificate for an EventStoreDB node:

```bash
./es-gencert-cli create-node -ca-certificate ./es-ca/ca.crt -ca-key ./es-ca/ca.key -out ./node1 -ip-addresses 127.0.0.1,172.20.240.1 -dns-names localhost,eventstore-node1.localhost.com
```

Generating a certification for user authentication:

```bash
./es-gencert-cli create-user -username ouro -days 10 -ca-certificate ./es-ca/ca.crt -ca-key ./es-ca/ca.key
```

Generating certificates using config file:
```
./es-gencert-cli create-certs --config-file ./certs.yml
```

An example config file:
```yaml
certificates:
ca-certs:
- out: "./root_ca"
- out: "./intermediate_ca"
ca-certificate: "./root_ca/ca.crt"
ca-key: "./root_ca/ca.key"
days: 5
node-certs:
- out: "./node1"
ca-certificate: "./intermediate_ca/ca.crt"
ca-key: "./intermediate_ca/ca.key"
ip-addresses: "127.0.0.1,172.20.240.1"
dns-names: "localhost,eventstore-node1.localhost.com"
- out: "./node2"
ca-certificate: "./intermediate_ca/ca.crt"
ca-key: "./intermediate_ca/ca.key"
ip-addresses: "127.0.0.2,172.20.240.2"
dns-names: "localhost,eventstore-node2.localhost.com"
- out: "./node3"
ca-certificate: "./intermediate_ca/ca.crt"
ca-key: "./intermediate_ca/ca.key"
ip-addresses: "127.0.0.3,172.20.240.3"
dns-names: "localhost,eventstore-node2.localhost.com"
```

If you want to specify the name of the certificates from the config file, you can add the name field to the certificate definition. You can see an example of this in the [example configuration](references/named_certs.yml).

## Development

Building or working on `es-gencert-cli` requires a Go environment, version 1.14 or higher.