https://github.com/immobiliare/inca

INternal CA is an API around Certificate Authority flows to handle internal and global certificates at ease

api certificate-authority golang https letsencrypt pki


# Inca

[![pipeline status](https://github.com/immobiliare/inca/actions/workflows/test.yml/badge.svg)](https://github.com/immobiliare/inca/actions/workflows/test.yml)

Inca stands for INternal CA, and its primary aim is self-explanatory: handling certificate-wise flows with regard to a local and private CA.
On the flip side, its ambitious vocation is to eliminate all the complexity of maintaining a PKI within a company.

### Alternatives

Alternatives to Inca that don't have all the required features:

- [OpenXPKI](https://www.openxpki.org/)
- [EJBCA](https://www.ejbca.org/)
- [step-ca](https://github.com/smallstep/certificates)
- [Locksmith](https://github.com/kenmoini/locksmith)
- [Certbot](https://certbot.eff.org/) - The recommended Let's Encrypt client
- [Lego](https://github.com/go-acme/lego) - Let's Encrypt client and ACME library written in Go

### Internal CA

Given a CA keypair, Inca exposes a set of endpoints for interacting with that CA to issue, revoke, and extend valid certificates.

### Proxying to other CAs

If configured to do so, Inca can proxy the already mentioned requests to external providers (e.g. Let's Encrypt), providing a simple and common interface for certificates regardless of their origin.

### Storing certificates

Inca does not only issue certificates: it also caches and stores them in configurable storage (e.g. locally on the filesystem or on S3), reusing them if asked to.

### Foreign certificates

Through the web GUI, Inca allows certificates issued via a third-party flow to be imported manually.

### Self-explanatory API endpoints

Given its minimal semantics, Inca is super easy to integrate into third-party tools, as obtaining a valid certificate is as easy as `curl https://inca.domain.tld/whatever-cn.domain.tld`.

[![Inca homepage](https://github.com/immobiliare/inca/blob/main/.github/sample-1.png)](#inca)

[![Inca detail](https://github.com/immobiliare/inca/blob/main/.github/sample-2.png)](#inca)

## Table of Contents

- [Install](#install)
- [Usage](#usage)
- [Custom installation](#custom-installation)
- [Generate certificates](#generate-certificates)
- [Changelog](#changelog)
- [Contributing](#contributing)
- [Documentation](#documentation)
- [Powered apps](#powered-apps)
- [Support](#support)

## Install

Either

```sh
go build
go install
inca --help
```

or

```sh
# mount the config read-only; -v must be followed directly by its volume spec
docker run -it --network host -v ${PWD}/inca.yml:/etc/inca:ro \
ghcr.io/immobiliare/inca:latest
```

## Usage

If you're `curl`-ninja enough:

```sh
alias curl='curl -H "Authorization:Bearer REDACTED"'
# fetch certificate
curl https://inca.domain.tld/domain.tld.farm -o whatever.domain.tld.pem
# fetch certificate with further params (URL quoted so the shell does not treat & as a control operator)
curl 'https://inca.domain.tld/whatever-with-details.domain.tld?alt=whatever2.domain.tld&duration=2y'
# fetch key
curl https://inca.domain.tld/whatever.domain.tld/key -o whatever.domain.tld.key
# remove certificate
curl -X DELETE https://inca.domain.tld/whatever.domain.tld
```

Otherwise, just open Inca in a browser.
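
An added example (not part of the Inca code base): a Go check a client could run on the certificate and key files saved by the `curl` calls above before deploying them. It assumes Inca returns PEM for both; `checkIssued` and `samplePair` are hypothetical names, and the sample pair is constructed in-process rather than fetched.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkIssued (assumes PEM input) checks key/cert match, name coverage and remaining validity.
func checkIssued(certPEM, keyPEM []byte, names []string, minLeft time.Duration) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // errors if the key is not the cert's key
	if err != nil {
		return fmt.Errorf("bad PEM or key/certificate mismatch: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	for _, n := range names { // every requested name (CN and alt) must be in the SANs
		if err := leaf.VerifyHostname(n); err != nil {
			return fmt.Errorf("name %q not covered: %w", n, err)
		}
	}
	if time.Until(leaf.NotAfter) < minLeft {
		return fmt.Errorf("certificate expires too soon: %s", leaf.NotAfter)
	}
	return nil
}

// samplePair builds a constructed self-signed pair standing in for fetched files.
func samplePair(dns []string, life time.Duration) ([]byte, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dns[0]},
		DNSNames: dns, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(life)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	kb, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kb})
}

func main() {
	c, k := samplePair([]string{"whatever.domain.tld", "whatever2.domain.tld"}, 24*time.Hour)
	fmt.Println("check result:", checkIssued(c, k, []string{"whatever2.domain.tld"}, time.Hour))
}
```

The check does not validate the chain against the CA certificate, since the page does not say where Inca publishes it.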

#### Custom installation

```sh
inca gen -n domain.tld -o /etc/inca.d
cat >/etc/inca <