fixca - FIX Internal Certificate Authority

Introduction

FIX CA is the internal Certificate Authority for FIX. It provides the same interface as Fix Core's built-in CA and is used to issue certificates for FIX internal services.

FIX CA stores its CA cert and key in a K8s secret. As such it needs to either run inside a K8s cluster with appropriate permissions or have access to a K8s cluster via KUBECONFIG.

The API is fully compatible with Resoto Core's CA API, i.e. /ca/cert to download the CA cert and /ca/sign to sign a CSR. Unlike in Resoto Core, JWT authentication cannot be turned off and a pre-shared key is mandatory to sign a CSR.

Usage

usage: fixca [-h] [--psk PSK] [--port PORT] [--namespace NAMESPACE] [--secret SECRET]
             [--verbose | --trace | --quiet]

FIX Certification Authority

options:
  -h, --help            show this help message and exit
  --psk PSK             Pre-shared-key
  --port PORT           HTTPS port to listen on (default: 7900)
  --namespace NAMESPACE
                        K8s namespace (default: fix)
  --secret SECRET       Secret name (default: fix-ca)
  --verbose, -v         Verbose logging
  --trace               Trage logging
  --quiet               Only log errors

Alternatively export the following environment variables:

  • FIXCA_PSK
  • FIXCA_PORT
  • FIXCA_NAMESPACE
  • FIXCA_SECRET

Only the pre-shared-key is mandatory. The other options have sensible defaults.

K8s cluster issuer

When using cert-manager to issue certificates for your services you can use the following cluster issuer:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: fix-ca-issuer
  namespace: cert-manager
spec:
  ca:
    secretName: fix-ca

Example Certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: lukas-test-cert
  namespace: fix
spec:
  secretName: lukas-test
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  commonName: lukas.test
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
    - client auth
  dnsNames:
    - redis.fix
  issuerRef:
    name: fix-ca-issuer
    group: cert-manager.io
    kind: ClusterIssuer

Check the cert-manager documentation for more information.
