https://github.com/platformatic/vault-pki-fetcher
Issue TLS certificates from a Vault cluster
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/platformatic/vault-pki-fetcher
- Owner: platformatic
- License: apache-2.0
- Created: 2023-05-04T12:19:44.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-12-15T08:44:01.000Z (over 2 years ago)
- Last Synced: 2025-02-16T18:39:07.456Z (over 1 year ago)
- Language: JavaScript
- Size: 42 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# vault-pki-fetcher
Issue TLS certificates from a Vault cluster. The return value can be passed to a [`setSecureContext(...)`](https://nodejs.org/api/tls.html#serversetsecurecontextoptions) method call on an HTTPS server.
# Usage
To log in to Vault, you need a valid `roleId` and `secretId` with a policy that can read from and write to your PKI engine and role.
```javascript
const getCertificate = require('vault-pki-fetcher')

const options = {
  roleId: 'xxxx',
  secretId: 'yyyy',
  vaultAddress: 'https://localhost:8200',
  vaultNamespace: 'admin',
  commonName: 'example.com', // The common name the certificate will be valid for
  altNames: 'example2.com', // The Subject Alternative Names the certificate will be valid for
  ttl: '365d',
  CAName: 'your_ca', // the PKI engine name
  PKIRole: 'ca_role' // the PKI engine role name
}

// `await` is not allowed at the top level of a CommonJS module, so wrap the call
async function main () {
  const res = await getCertificate(options)
  console.log(res)
  /**
  {
    key: '-----BEGIN RSA PRIVATE KEY-----\n' +
      ...
      '-----END RSA PRIVATE KEY-----',
    cert: '-----BEGIN CERTIFICATE-----\n' +
      ...
      '-----END CERTIFICATE-----',
    ca: [
      '-----BEGIN CERTIFICATE-----\n' +
        ...
        '-----END CERTIFICATE-----',
      '-----BEGIN CERTIFICATE-----\n' +
        ...
        '-----END CERTIFICATE-----'
    ]
  }
  */
}

main().catch(console.error)
```
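The README says the result can be handed to `setSecureContext(...)`; the sketch below shows one way to use that to renew a certificate on a running server before it expires. It is an added example, not code from this project: `ttlToMs`, `rotateOnce`, `nextSleepMs` and `startRotation` are hypothetical helpers, the two-thirds renewal point is an assumed policy, and it assumes `ttl` is a single-unit string such as `'365d'` and that Vault granted the full requested lifetime.

```javascript
// Added example: getCertificate and server are passed in, so nothing here talks to Vault.
const MAX_TIMER_MS = 2 ** 31 - 1 // setTimeout cannot wait longer than ~24.8 days
const UNIT_MS = { s: 1000, m: 60000, h: 3600000, d: 86400000 }

// Convert a single-unit ttl such as '365d' or '12h' (or bare seconds) to milliseconds.
function ttlToMs (ttl) {
  const m = /^(\d+)([smhd]?)$/.exec(String(ttl).trim())
  if (!m) throw new Error(`unsupported ttl: ${ttl}`)
  return Number(m[1]) * UNIT_MS[m[2] || 's']
}

// Fetch a fresh { key, cert, ca } and swap it into the running server.
// Returns the time (ms since epoch) at which the next renewal is due.
async function rotateOnce (server, getCertificate, options, now = Date.now()) {
  const res = await getCertificate(options)
  server.setSecureContext(res) // new connections use the new certificate
  // Renew after two thirds of the requested lifetime (assumed policy).
  return now + Math.floor(ttlToMs(options.ttl) * 2 / 3)
}

// How long to sleep before the next check, clamped to what setTimeout supports.
// Without the clamp, a '365d' ttl would overflow the timer and fire immediately.
function nextSleepMs (dueAt, now = Date.now()) {
  return Math.min(Math.max(dueAt - now, 0), MAX_TIMER_MS)
}

// Keep the server's certificate fresh. Returns { ready, stop }.
function startRotation (server, getCertificate, options, onError = console.error) {
  let timer = null
  let stopped = false
  let dueAt = 0 // forces an initial fetch on the first tick
  const tick = async () => {
    if (stopped) return
    if (Date.now() >= dueAt) {
      try {
        dueAt = await rotateOnce(server, getCertificate, options)
      } catch (err) {
        onError(err) // keep serving the old certificate
        dueAt = Date.now() + 60000 // and retry in a minute
      }
    }
    if (stopped) return
    timer = setTimeout(tick, nextSleepMs(dueAt))
    timer.unref() // do not keep the process alive just for renewal
  }
  return { ready: tick(), stop: () => { stopped = true; clearTimeout(timer) } }
}
```

Call it as `startRotation(httpsServer, require('vault-pki-fetcher'), options)` and wait for `ready` before accepting traffic if the server starts without a certificate.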