https://github.com/gojek/kingsly
Your own x.509 cert manager
certificate-generation kubernetes ruby-on-rails ssl-certs x509
- Host: GitHub
- URL: https://github.com/gojek/kingsly
- Owner: gojek
- License: apache-2.0
- Created: 2018-12-05T12:58:49.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-03-20T18:53:18.000Z (about 2 years ago)
- Last Synced: 2025-03-24T13:36:08.364Z (about 1 month ago)
- Topics: certificate-generation, kubernetes, ruby-on-rails, ssl-certs, x509
- Language: Ruby
- Homepage: https://blog.gojekengineering.com/introducing-kingsly-the-cert-manager-ced40746aa65
- Size: 139 KB
- Stars: 67
- Watchers: 17
- Forks: 18
- Open Issues: 15
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Kingsly
An attempt to automate SSL certificate management. This cert manager generates SSL certs and renews them automatically. [Release blog post](https://blog.gojekengineering.com/introducing-kingsly-the-cert-manager-ced40746aa65)
#### Assumptions
- The FQDN points to a public IP address
- An FQDN points to only one IP address

## Dev Setup
#### Install docker-compose
If you're on OS X, please follow the instructions to install [docker](https://docs.docker.com/docker-for-mac/install/).
Or, if you're on a Unix-based distribution, you can follow the instructions [here](https://docs.docker.com/compose/install/) to install docker-compose.
```
# For Linux based machines
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-
$ sudo chmod +x /usr/local/bin/docker-compose
```
- Run `$ make .env` to create `.env` for the application from `.env.sample`
#### Opening the web interface on your dev machine
```
$ make docker.start
```
You can then open `localhost:8080`
#### To stop the docker containers
```
$ make docker.stop
```
#### Running the specs
```
$ make rspec
```
## Example APIs
- Creating SSL certs for a domain:
- Request:
```
curl -X POST http://kingsly.host/v1/cert_bundles \
-u admin:password \
-H 'Content-Type: application/json' \
-d '{
"top_level_domain":"your-domain.com",
"sub_domain": "your-sub-domain"
}'
```
- Response:
```
'{
"private_key":"-----BEGIN RSA PRIVATE KEY-----\nFOO...\n-----END RSA PRIVATE KEY-----\n",
"full_chain":"-----BEGIN CERTIFICATE-----\nBAR...\n-----END CERTIFICATE-----\n"
}'
```
## Deploying
Please refer to the [deployment](https://github.com/gojekfarm/kingsly/tree/master/docs) docs.
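A client that receives the `cert_bundles` response shown under Example APIs should confirm that `private_key` belongs to the leaf certificate in `full_chain` and keep the key file private on disk. The following is an added example, not code from the Kingsly project; the helper names, the output file names and the self-signed sample are assumptions, and the body is assumed to be the bare JSON object fetched over an authenticated TLS connection.

```ruby
require "json"
require "openssl"
require "tmpdir"

# Parse a cert_bundles response body; raise unless private_key matches the
# first (leaf) certificate in full_chain.
def parse_cert_bundle(body)
  bundle = JSON.parse(body)
  key = OpenSSL::PKey.read(bundle.fetch("private_key"))
  pems = bundle.fetch("full_chain")
               .scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
  raise ArgumentError, "full_chain contains no certificate" if pems.empty?
  chain = pems.map { |pem| OpenSSL::X509::Certificate.new(pem) }
  unless chain.first.check_private_key(key)
    raise ArgumentError, "private_key does not match the leaf certificate"
  end
  { key: key, chain: chain }
end

# Write the bundle to dir (hypothetical file names). A newly created key
# file gets mode 0600 at creation time, not after the secret is written.
def install_bundle(bundle, dir)
  key_path = File.join(dir, "privkey.pem")
  flags = File::WRONLY | File::CREAT | File::TRUNC
  File.open(key_path, flags, 0o600) { |f| f.write(bundle[:key].to_pem) }
  File.chmod(0o600, key_path) # tighten a pre-existing file as well
  chain_path = File.join(dir, "fullchain.pem")
  File.write(chain_path, bundle[:chain].map(&:to_pem).join)
  [key_path, chain_path]
end

# Constructed sample: a self-signed certificate standing in for a real
# response. Pass a different cert_key to simulate a mismatched bundle.
def sample_response(key: OpenSSL::PKey::RSA.new(2048), cert_key: key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer =
    OpenSSL::X509::Name.parse("/CN=your-sub-domain.your-domain.com")
  cert.public_key = cert_key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(cert_key, OpenSSL::Digest.new("SHA256"))
  JSON.generate("private_key" => key.to_pem, "full_chain" => cert.to_pem)
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |dir| puts install_bundle(parse_cert_bundle(sample_response), dir) }
end
```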
## TODO
- check for ACME account creation without email id (maybe initialize account only once?)
- tracks if the client has the updated cert (WIP: [#5](https://github.com/gojekfarm/kingsly/issues/5))

## License
```
Copyright 2018, GO-JEK Tech

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```