https://github.com/lukasz-lobocki/step-badger

Exporting data out of the badger database of step-ca.
https://github.com/lukasz-lobocki/step-badger

badger badgerdb certificate ssh ssl step step-ca x509

Last synced: about 2 months ago
JSON representation

Exporting data out of the badger database of step-ca.

• Host: GitHub
• URL: https://github.com/lukasz-lobocki/step-badger
• Owner: lukasz-lobocki
• License: cc0-1.0
• Created: 2024-07-10T07:10:10.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-12-30T08:24:27.000Z (6 months ago)
• Last Synced: 2026-01-02T20:25:34.477Z (5 months ago)
• Topics: badger, badgerdb, certificate, ssh, ssl, step, step-ca, x509
• Language: Go
• Homepage:
• Size: 730 KB
• Stars: 24
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Codeowners: CODEOWNERS

Awesome Lists containing this project

README

          
# step-badger [![Hits](https://hits.sh/github.com/lukasz-lobocki/step-badger.svg?style=for-the-badge)](https://hits.sh/github.com/lukasz-lobocki/step-badger/) ![Static](https://img.shields.io/badge/bulaj-biznes-darkorchid?style=for-the-badge&labelColor=darkslategray)

This tool has 3 features:

- display issued [x509 certificates](#step-badger-x509certs) from step-ca badger database.

- display issued [ssh certificates](#step-badger-sshcerts) from step-ca badger database.

- display [content of a given data bucket](#step-badger-dbtable) from step-ca badger database.

## step-badger x509Certs

Export data of x509 certificates.

```bash

step-badger x509Certs PATH [flags]

```

```text

Flags:

  -v, --valid                                      valid certificates shown (default true)

  -r, --revoked                                    revoked certificates shown

  -e, --expired                                    expired certificates shown

      --emit {table|json|markdown|openssl|plain}   emit format: table|json|markdown|openssl|plain (default table)

      --time {iso|short}                           time format: iso|short (default iso)

      --sort {start|finish}                        sort order: start|finish (default finish)

      --serial {dec|hex}                           serial format: dec|hex (default dec)

      --dnsnames                                   dns names column shown

      --emailaddresses                             email addresses column shown

      --ipaddresses                                ip addresses column shown

      --uris                                       uris column shown

      --issuer                                     issuer column shown

      --crl                                        crl column shown

      --provisioner                                provisioner column shown

      --algorithm                                  signature algorithm column shown

```

### Example

![alt text](samples/out-x509.png)

## step-badger sshCerts

Export data of ssh certificates.

```bash

step-badger sshCerts PATH [flags]

```

```text

Flags:

  -v, --valid                              valid certificates shown (default true)

  -r, --revoked                            revoked certificates shown

  -e, --expired                            expired certificates shown

      --emit {table|json|markdown|plain}   emit format: table|json|markdown|plain (default table)

      --time {iso|short}                   time format: iso|short (default iso)

      --sort {start|finish}                sort order: start|finish (default finish)

      --serial {dec|hex}                   serial format: dec|hex (default dec)

      --type                               host type column shown (default true)

      --keyid                              key id column shown

      --algorithm                          signature algorithm column shown

```

### Example

![alt text](samples/out-ssh.png)

## step-badger dbTable

Export data of a given bucket.

```bash

step-badger dbTable PATH BUCKET

```

> See [this](https://github.com/smallstep/certificates/blob/077f688e2d781fa12fd3d702cfab5b6f989a4391/db/db.go#L18) for bucket names.

### Example

![alt text](samples/out-dbtable.png)

## Info

### Badger single-user limitation

As a workaround, copy the badger database directory `db/` to some other temporary location. Stopping with `systemctl stop step-ca` is not required, you can do it on live running CA. Then, run `step-badger` against this temporary copy.

Simplified example. Adjust paths to your environment.

```bash

source_location='/etc/step-ca/db'

destination_location='/var/log/step-ca'

cp --recursive --force "${source_location}" "${destination_location}"

step-badger sshCerts "${destination_location}/db"

```

### Other

See [this](https://smallstep.com/docs/step-ca/certificate-authority-server-production/#enable-active-revocation-on-your-intermediate-ca).

## Build

See [BUILD.md](BUILD.md) file.

## License

`step-badger` was created by Lukasz Lobocki. It is licensed under the terms of the CC0 v1.0 Universal license.

All components used retain their original licenses.

## Credits

Inspired by [github.com/maraino](https://gist.github.com/maraino/4dcb64cb051b17ef6d421892cb4e55a8#file-listcerts-go).

`step-badger` was created with [cookiecutter](https://cookiecutter.readthedocs.io/en/latest/) and [template](https://github.com/lukasz-lobocki/go-cookiecutter).