
certificate-management

Package main is the certificate-management Dagger module.

Installation

dagger install github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9

Entrypoint

Return Type
CertificateManagement
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
// Example returns the certificate-management module's entrypoint object.
func (m *MyModule) Example() *dagger.CertificateManagement {
	certs := dag.CertificateManagement()
	return certs
}
@function
def example() -> dagger.CertificateManagement:
    """Return the certificate-management module's entrypoint object."""
    certs = dag.certificate_management()
    return certs
/** Returns the certificate-management module's entrypoint object. */
@func()
example(): CertificateManagement {
	const certs = dag.certificateManagement()
	return certs
}

Types

CertificateManagement 🔗

CertificateManagement provides functions for creating and managing X.509 certificate authorities, issuing server / client / mutual-TLS certificates, and packaging them as PKCS#12 keystores and truststores. The module is a pure signer: callers supply the private key material as a PEM-encoded PKCS#8 *dagger.Secret (RSA, ECDSA, or Ed25519). Pair with `daggerverse/crypto`'s key generators for fresh per-call keys.

createCertificateAuthority() 🔗

CreateCertificateAuthority self-signs a root CA over the caller-supplied private key. The key must be PEM-encoded PKCS#8 (RSA, ECDSA, or Ed25519). The supplied password is bound to the resulting CA’s KeyStore() and TrustStore() output.

Every field of the certificate template is fully determined by the function’s inputs (commonName, validityDays, notBefore, serial, key); the password binds to the CA’s KeyStore/TrustStore output but does not influence the certificate contents or signature. Vary notBefore and serial per call to bust Dagger’s default cache when fresh certs are wanted; reuse them to hit the cache and re-use the previously signed bytes. The serial is supplied by the caller and this page describes no uniqueness check, so keeping serial numbers distinct across different certificates is the caller’s responsibility.

Return Type
CertificateManagementCertificateAuthority !
Arguments
Name | Type | Default Value | Description
commonName | String ! | "Devex Root CA" | Subject common name for the CA certificate.
validityDays | Integer ! | 3650 | Number of days the CA certificate is valid for.
notBefore | String ! | - | RFC3339 timestamp the CA becomes valid at. The CA's NotAfter is notBefore + validityDays. Pass time.Now().UTC().Format(time.RFC3339) for a fresh CA per call.
serial | String ! | - | Hex-encoded certificate serial number (typically 32 hex chars = 128 bits). Must be a positive integer.
password | Secret ! | - | PKCS#12 password used by the CA's KeyStore and TrustStore.
key | Secret ! | - | PEM-encoded PKCS#8 private key the CA will sign with and embed.
Example
# MYSECRET is a placeholder used for both secrets. --password (PKCS#12 password)
# and --key (PEM-encoded PKCS#8 private key) are different values, so point each
# at its own environment variable.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 create-certificate-authority --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET
// Example self-signs a root CA over the caller-supplied key.
// key is a PEM-encoded PKCS#8 private key and password is the PKCS#12 password
// bound to the CA's KeyStore and TrustStore; both are passed as Secrets.
// notBefore is an RFC3339 timestamp and serial a hex-encoded serial number.
func (m *MyModule) Example(commonName string, validityDays int, notBefore string, serial string, password *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementCertificateAuthority {
	certs := dag.CertificateManagement()
	return certs.CreateCertificateAuthority(commonName, validityDays, notBefore, serial, password, key)
}
@function
def example(common_name: str, validity_days: int, not_before: str, serial: str, password: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementCertificateAuthority:
    """Self-sign a root CA over the caller-supplied key.

    key is a PEM-encoded PKCS#8 private key and password is the PKCS#12
    password bound to the CA's KeyStore and TrustStore; both are Secrets.
    not_before is an RFC3339 timestamp and serial a hex-encoded serial number.
    """
    certs = dag.certificate_management()
    return certs.create_certificate_authority(common_name, validity_days, not_before, serial, password, key)
/**
 * Self-signs a root CA over the caller-supplied key.
 * key is a PEM-encoded PKCS#8 private key and password is the PKCS#12 password
 * bound to the CA's KeyStore and TrustStore; both are passed as Secrets.
 * notBefore is an RFC3339 timestamp and serial a hex-encoded serial number.
 */
@func()
example(commonName: string, validityDays: number, notBefore: string, serial: string, password: Secret, key: Secret): CertificateManagementCertificateAuthority {
	const certs = dag.certificateManagement()
	return certs.createCertificateAuthority(commonName, validityDays, notBefore, serial, password, key)
}

loadCertificateAuthority() 🔗

LoadCertificateAuthority restores a CA from a PKCS#12 archive that contains the CA certificate and its private key. The supplied password is also bound to the returned CA’s KeyStore() and TrustStore() output.

Return Type
CertificateManagementCertificateAuthority !
Arguments
Name | Type | Default Value | Description
pkcs12File | File ! | - | PKCS#12 archive containing the CA certificate and private key.
password | Secret ! | - | Password used to decrypt the archive.
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET
// Example restores a CA from a PKCS#12 archive that holds the CA certificate
// and its private key. password decrypts the archive and is also bound to the
// returned CA's KeyStore and TrustStore output.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.CertificateManagementCertificateAuthority {
	certs := dag.CertificateManagement()
	return certs.LoadCertificateAuthority(pkcs12File, password)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.CertificateManagementCertificateAuthority:
    """Restore a CA from a PKCS#12 archive holding the CA certificate and key.

    password decrypts the archive and is also bound to the returned CA's
    KeyStore and TrustStore output.
    """
    certs = dag.certificate_management()
    return certs.load_certificate_authority(pkcs12_file, password)
/**
 * Restores a CA from a PKCS#12 archive that holds the CA certificate and its
 * private key. password decrypts the archive and is also bound to the returned
 * CA's KeyStore and TrustStore output.
 */
@func()
example(pkcs12File: File, password: Secret): CertificateManagementCertificateAuthority {
	const certs = dag.certificateManagement()
	return certs.loadCertificateAuthority(pkcs12File, password)
}

loadKeyStoreFromPkcs12() 🔗

LoadKeyStoreFromPkcs12 wraps an existing PKCS#12 archive and its password as a KeyStore.

Return Type
CertificateManagementKeyStore !
Arguments
Name | Type | Default Value | Description
pkcs12File | File ! | - | No description provided
password | Secret ! | - | No description provided
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-key-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET
// Example wraps an existing PKCS#12 archive and its password as a KeyStore.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.CertificateManagementKeyStore {
	certs := dag.CertificateManagement()
	return certs.LoadKeyStoreFromPkcs12(pkcs12File, password)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.CertificateManagementKeyStore:
    """Wrap an existing PKCS#12 archive and its password as a KeyStore."""
    certs = dag.certificate_management()
    return certs.load_key_store_from_pkcs12(pkcs12_file, password)
/** Wraps an existing PKCS#12 archive and its password as a KeyStore. */
@func()
example(pkcs12File: File, password: Secret): CertificateManagementKeyStore {
	const certs = dag.certificateManagement()
	return certs.loadKeyStoreFromPkcs12(pkcs12File, password)
}

loadTrustStoreFromPkcs12() 🔗

LoadTrustStoreFromPkcs12 wraps an existing PKCS#12 archive and its password as a TrustStore.

Return Type
CertificateManagementTrustStore !
Arguments
Name | Type | Default Value | Description
pkcs12File | File ! | - | No description provided
password | Secret ! | - | No description provided
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-trust-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET
// Example wraps an existing PKCS#12 archive and its password as a TrustStore.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.CertificateManagementTrustStore {
	certs := dag.CertificateManagement()
	return certs.LoadTrustStoreFromPkcs12(pkcs12File, password)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.CertificateManagementTrustStore:
    """Wrap an existing PKCS#12 archive and its password as a TrustStore."""
    certs = dag.certificate_management()
    return certs.load_trust_store_from_pkcs12(pkcs12_file, password)
/** Wraps an existing PKCS#12 archive and its password as a TrustStore. */
@func()
example(pkcs12File: File, password: Secret): CertificateManagementTrustStore {
	const certs = dag.certificateManagement()
	return certs.loadTrustStoreFromPkcs12(pkcs12File, password)
}

CertificateManagementCertificateAuthority 🔗

CertificateAuthority is a self-signed X.509 root capable of issuing leaf certificates. It carries its own PKCS#12 password used by KeyStore() and TrustStore().

certPemFile() 🔗

PEM-encoded CA certificate (public).

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 cert-pem-file
// Example loads a CA from a PKCS#12 archive and returns its PEM-encoded
// certificate (the public part) as a File.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.File {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.CertPemFile()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.File:
    """Load a CA from a PKCS#12 archive and return its PEM-encoded certificate (public) as a File."""
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.cert_pem_file()
/** Loads a CA from a PKCS#12 archive and returns its PEM-encoded certificate (public) as a File. */
@func()
example(pkcs12File: File, password: Secret): File {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.certPemFile()
}

privateKeyPem() 🔗

PEM-encoded PKCS#8 CA private key.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 private-key-pem
// Example loads a CA from a PKCS#12 archive and returns its PEM-encoded PKCS#8
// private key. The key comes back as a Secret, not as a File.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.PrivateKeyPem()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Load a CA from a PKCS#12 archive and return its PEM-encoded PKCS#8 private key.

    The key comes back as a Secret, not as a File.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.private_key_pem()
/**
 * Loads a CA from a PKCS#12 archive and returns its PEM-encoded PKCS#8 private
 * key. The key comes back as a Secret, not as a File.
 */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.privateKeyPem()
}

pwd() 🔗

PKCS#12 password bound at creation/load time.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 pwd
// Example loads a CA from a PKCS#12 archive and returns the PKCS#12 password
// that was bound to it at load time, as a Secret.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.Pwd()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Load a CA and return the PKCS#12 password bound to it at load time, as a Secret."""
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.pwd()
/** Loads a CA and returns the PKCS#12 password bound to it at load time, as a Secret. */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.pwd()
}

issueClientCertificate() 🔗

IssueClientCertificate signs a leaf TLS client certificate from the caller-supplied private key (PEM PKCS#8) using this CA.

Pure given its inputs; vary notBefore and serial per call to bust caching.

Return Type
CertificateManagementIssuedCertificate !
Arguments
Name | Type | Default Value | Description
commonName | String ! | - | No description provided
validityDays | Integer ! | 365 | No description provided
notBefore | String ! | - | RFC3339 timestamp the certificate becomes valid at.
serial | String ! | - | Hex-encoded certificate serial number (typically 32 hex chars = 128 bits). Must be a positive integer.
password | Secret ! | - | No description provided
key | Secret ! | - | PEM-encoded PKCS#8 private key for the leaf certificate.
Example
# MYSECRET is a placeholder used three times. The CA archive password, the
# --password given to issue-client-certificate and the leaf --key are separate
# secrets, so point each at its own environment variable.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-client-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET
// Example loads a CA and signs a leaf TLS client certificate with it.
// password decrypts the CA archive. password1 is the separate Secret passed to
// the issue call; the page gives it no description (presumably the issued
// certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
// private key for the leaf.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementIssuedCertificate {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.IssueClientCertificate(commonName, validityDays, notBefore, serial, password1, key)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementIssuedCertificate:
    """Load a CA and sign a leaf TLS client certificate with it.

    password decrypts the CA archive. password1 is the separate Secret passed
    to the issue call; the page gives it no description (presumably the issued
    certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
    private key for the leaf.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.issue_client_certificate(common_name, validity_days, not_before, serial, password1, key)
/**
 * Loads a CA and signs a leaf TLS client certificate with it.
 * password decrypts the CA archive. password1 is the separate Secret passed to
 * the issue call; the page gives it no description (presumably the issued
 * certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
 * private key for the leaf.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): CertificateManagementIssuedCertificate {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.issueClientCertificate(commonName, validityDays, notBefore, serial, password1, key)
}

issueMutualTlsCertificate() 🔗

IssueMutualTlsCertificate signs a leaf certificate that is valid for both server and client authentication, suitable for mutual-TLS use, from the caller-supplied private key (PEM PKCS#8).

Pure given its inputs; vary notBefore and serial per call to bust caching.

Return Type
CertificateManagementIssuedCertificate !
Arguments
Name | Type | Default Value | Description
commonName | String ! | - | No description provided
dnsSans | [String ! ] | - | No description provided
ipSans | [String ! ] | - | No description provided
validityDays | Integer ! | 365 | No description provided
notBefore | String ! | - | RFC3339 timestamp the certificate becomes valid at.
serial | String ! | - | Hex-encoded certificate serial number (typically 32 hex chars = 128 bits). Must be a positive integer.
password | Secret ! | - | No description provided
key | Secret ! | - | PEM-encoded PKCS#8 private key for the leaf certificate.
Example
# MYSECRET is a placeholder used three times. The CA archive password, the
# --password given to issue-mutual-tls-certificate and the leaf --key are
# separate secrets, so point each at its own environment variable.
# The optional dnsSans and ipSans arguments are not shown in this example.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-mutual-tls-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET
// Example loads a CA and signs a leaf certificate valid for both server and
// client authentication (mutual TLS).
// password decrypts the CA archive. password1 is the separate Secret passed to
// the issue call; the page gives it no description (presumably the issued
// certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
// private key for the leaf. The optional dnsSans and ipSans arguments are not
// passed here.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementIssuedCertificate {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.IssueMutualTlsCertificate(commonName, validityDays, notBefore, serial, password1, key)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementIssuedCertificate:
    """Load a CA and sign a leaf certificate valid for server and client auth (mutual TLS).

    password decrypts the CA archive. password1 is the separate Secret passed
    to the issue call; the page gives it no description (presumably the issued
    certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
    private key for the leaf. The optional dnsSans and ipSans arguments are
    not passed here.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.issue_mutual_tls_certificate(common_name, validity_days, not_before, serial, password1, key)
/**
 * Loads a CA and signs a leaf certificate valid for both server and client
 * authentication (mutual TLS).
 * password decrypts the CA archive. password1 is the separate Secret passed to
 * the issue call; the page gives it no description (presumably the issued
 * certificate's PKCS#12 password; confirm). key is the PEM-encoded PKCS#8
 * private key for the leaf. The optional dnsSans and ipSans arguments are not
 * passed here.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): CertificateManagementIssuedCertificate {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.issueMutualTlsCertificate(commonName, validityDays, notBefore, serial, password1, key)
}

issueServerCertificate() 🔗

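IssueServerCertificate signs a leaf TLS server certificate from the caller-supplied private key (PEM PKCS#8) using this CA. The given DNS and IP Subject Alternative Names are embedded in the leaf. The generated examples below pass neither dnsSans nor ipSans; a client that verifies the server name against Subject Alternative Names needs at least one matching entry.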

Pure given its inputs; vary notBefore and serial per call to bust caching.

Return Type
CertificateManagementIssuedCertificate !
Arguments
Name | Type | Default Value | Description
commonName | String ! | - | Subject common name for the server certificate.
dnsSans | [String ! ] | - | DNS names to embed as Subject Alternative Names.
ipSans | [String ! ] | - | IP addresses to embed as Subject Alternative Names.
validityDays | Integer ! | 365 | Number of days the certificate is valid for.
notBefore | String ! | - | RFC3339 timestamp the certificate becomes valid at.
serial | String ! | - | Hex-encoded certificate serial number (typically 32 hex chars = 128 bits). Must be a positive integer.
password | Secret ! | - | PKCS#12 password used by the issued certificate's KeyStore and TrustStore.
key | Secret ! | - | PEM-encoded PKCS#8 private key for the leaf certificate.
Example
# MYSECRET is a placeholder used three times. The CA archive password, the
# issued certificate's PKCS#12 password and the leaf --key are separate secrets,
# so point each at its own environment variable.
# The optional dnsSans and ipSans arguments are not shown in this example.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET
// Example loads a CA and signs a leaf TLS server certificate with it.
// password decrypts the CA archive; password1 is the PKCS#12 password used by
// the issued certificate's KeyStore and TrustStore. key is the PEM-encoded
// PKCS#8 private key for the leaf. The optional dnsSans and ipSans arguments
// are not passed here.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementIssuedCertificate {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementIssuedCertificate:
    """Load a CA and sign a leaf TLS server certificate with it.

    password decrypts the CA archive; password1 is the PKCS#12 password used
    by the issued certificate's KeyStore and TrustStore. key is the
    PEM-encoded PKCS#8 private key for the leaf. The optional dnsSans and
    ipSans arguments are not passed here.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
/**
 * Loads a CA and signs a leaf TLS server certificate with it.
 * password decrypts the CA archive; password1 is the PKCS#12 password used by
 * the issued certificate's KeyStore and TrustStore. key is the PEM-encoded
 * PKCS#8 private key for the leaf. The optional dnsSans and ipSans arguments
 * are not passed here.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): CertificateManagementIssuedCertificate {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
}

keyStore() 🔗

KeyStore returns a PKCS#12 archive containing the CA certificate and its private key, encrypted with the password bound at creation or load time.

Return Type
CertificateManagementKeyStore !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 key-store
// Example loads a CA and returns its KeyStore: a PKCS#12 archive containing
// the CA certificate and its private key.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.CertificateManagementKeyStore {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.KeyStore()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.CertificateManagementKeyStore:
    """Load a CA and return its KeyStore (PKCS#12 archive with the CA certificate and private key)."""
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.key_store()
/** Loads a CA and returns its KeyStore (PKCS#12 archive with the CA certificate and private key). */
@func()
example(pkcs12File: File, password: Secret): CertificateManagementKeyStore {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.keyStore()
}

trustStore() 🔗

TrustStore returns a PKCS#12 archive containing the CA certificate, suitable for distribution to clients that need to trust certificates issued by this CA.

Return Type
CertificateManagementTrustStore !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 trust-store
// Example loads a CA and returns its TrustStore: a PKCS#12 archive containing
// the CA certificate, meant for clients that need to trust this CA.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.CertificateManagementTrustStore {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	return ca.TrustStore()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.CertificateManagementTrustStore:
    """Load a CA and return its TrustStore (PKCS#12 archive containing the CA certificate)."""
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    return ca.trust_store()
/** Loads a CA and returns its TrustStore (PKCS#12 archive containing the CA certificate). */
@func()
example(pkcs12File: File, password: Secret): CertificateManagementTrustStore {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	return ca.trustStore()
}

CertificateManagementKeyStore 🔗

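KeyStore is a PKCS#12 archive containing a certificate and its private key, protected by a password. file() and pkcs12() return the archive as a File rather than a Secret, so the confidentiality of the private key inside it rests on that password.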

file() 🔗

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-key-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 file
// Example wraps a PKCS#12 archive as a KeyStore and calls File() on it.
// The page gives File() no description; it returns a File.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.File {
	store := dag.CertificateManagement().LoadKeyStoreFromPkcs12(pkcs12File, password)
	return store.File()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.File:
    """Wrap a PKCS#12 archive as a KeyStore and call file() on it.

    The page gives file() no description; it returns a File.
    """
    store = dag.certificate_management().load_key_store_from_pkcs12(pkcs12_file, password)
    return store.file()
/**
 * Wraps a PKCS#12 archive as a KeyStore and calls file() on it.
 * The page gives file() no description; it returns a File.
 */
@func()
example(pkcs12File: File, password: Secret): File {
	const store = dag.certificateManagement().loadKeyStoreFromPkcs12(pkcs12File, password)
	return store.file()
}

pwd() 🔗

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-key-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 pwd
// Example wraps a PKCS#12 archive as a KeyStore and calls Pwd() on it.
// The page gives Pwd() no description; it returns a Secret.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	store := dag.CertificateManagement().LoadKeyStoreFromPkcs12(pkcs12File, password)
	return store.Pwd()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Wrap a PKCS#12 archive as a KeyStore and call pwd() on it.

    The page gives pwd() no description; it returns a Secret.
    """
    store = dag.certificate_management().load_key_store_from_pkcs12(pkcs12_file, password)
    return store.pwd()
/**
 * Wraps a PKCS#12 archive as a KeyStore and calls pwd() on it.
 * The page gives pwd() no description; it returns a Secret.
 */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const store = dag.certificateManagement().loadKeyStoreFromPkcs12(pkcs12File, password)
	return store.pwd()
}

password() 🔗

Password returns the secret used to encrypt the PKCS#12 archive.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-key-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 password
// Example wraps a PKCS#12 archive as a KeyStore and returns the secret used to
// encrypt the archive.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	store := dag.CertificateManagement().LoadKeyStoreFromPkcs12(pkcs12File, password)
	return store.Password()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Wrap a PKCS#12 archive as a KeyStore and return the secret used to encrypt the archive."""
    store = dag.certificate_management().load_key_store_from_pkcs12(pkcs12_file, password)
    return store.password()
/** Wraps a PKCS#12 archive as a KeyStore and returns the secret used to encrypt the archive. */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const store = dag.certificateManagement().loadKeyStoreFromPkcs12(pkcs12File, password)
	return store.password()
}

pkcs12() 🔗

Pkcs12 returns the PKCS#12-encoded archive as a Dagger file.

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-key-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 pkcs-1-2
// Example wraps a PKCS#12 archive as a KeyStore and returns the PKCS#12-encoded
// archive as a Dagger file.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.File {
	store := dag.CertificateManagement().LoadKeyStoreFromPkcs12(pkcs12File, password)
	return store.Pkcs12()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.File:
    """Wrap a PKCS#12 archive as a KeyStore and return the PKCS#12-encoded archive as a Dagger file."""
    store = dag.certificate_management().load_key_store_from_pkcs12(pkcs12_file, password)
    return store.pkcs12()
/** Wraps a PKCS#12 archive as a KeyStore and returns the PKCS#12-encoded archive as a Dagger file. */
@func()
example(pkcs12File: File, password: Secret): File {
	const store = dag.certificateManagement().loadKeyStoreFromPkcs12(pkcs12File, password)
	return store.pkcs12()
}

CertificateManagementTrustStore 🔗

TrustStore is a PKCS#12 archive containing one or more trusted certificates, protected by a password.

file() 🔗

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-trust-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 file
// Example wraps a PKCS#12 archive as a TrustStore and calls File() on it.
// The page gives File() no description; it returns a File.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.File {
	store := dag.CertificateManagement().LoadTrustStoreFromPkcs12(pkcs12File, password)
	return store.File()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.File:
    """Wrap a PKCS#12 archive as a TrustStore and call file() on it.

    The page gives file() no description; it returns a File.
    """
    store = dag.certificate_management().load_trust_store_from_pkcs12(pkcs12_file, password)
    return store.file()
/**
 * Wraps a PKCS#12 archive as a TrustStore and calls file() on it.
 * The page gives file() no description; it returns a File.
 */
@func()
example(pkcs12File: File, password: Secret): File {
	const store = dag.certificateManagement().loadTrustStoreFromPkcs12(pkcs12File, password)
	return store.file()
}

pwd() 🔗

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-trust-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 pwd
// Example wraps a PKCS#12 archive as a TrustStore and calls Pwd() on it.
// The page gives Pwd() no description; it returns a Secret.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	store := dag.CertificateManagement().LoadTrustStoreFromPkcs12(pkcs12File, password)
	return store.Pwd()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Wrap a PKCS#12 archive as a TrustStore and call pwd() on it.

    The page gives pwd() no description; it returns a Secret.
    """
    store = dag.certificate_management().load_trust_store_from_pkcs12(pkcs12_file, password)
    return store.pwd()
/**
 * Wraps a PKCS#12 archive as a TrustStore and calls pwd() on it.
 * The page gives pwd() no description; it returns a Secret.
 */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const store = dag.certificateManagement().loadTrustStoreFromPkcs12(pkcs12File, password)
	return store.pwd()
}

password() 🔗

Password returns the secret used to encrypt the PKCS#12 archive.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-trust-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 password
// Example wraps a PKCS#12 archive as a TrustStore and returns the secret used
// to encrypt the archive.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.Secret {
	store := dag.CertificateManagement().LoadTrustStoreFromPkcs12(pkcs12File, password)
	return store.Password()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.Secret:
    """Wrap a PKCS#12 archive as a TrustStore and return the secret used to encrypt the archive."""
    store = dag.certificate_management().load_trust_store_from_pkcs12(pkcs12_file, password)
    return store.password()
/** Wraps a PKCS#12 archive as a TrustStore and returns the secret used to encrypt the archive. */
@func()
example(pkcs12File: File, password: Secret): Secret {
	const store = dag.certificateManagement().loadTrustStoreFromPkcs12(pkcs12File, password)
	return store.password()
}

pkcs12() 🔗

Pkcs12 returns the PKCS#12-encoded archive as a Dagger file.

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-trust-store-from-pkcs-1-2 --pkcs-1-2-file file:path --password env:MYSECRET \
 pkcs-1-2
// Example wraps a PKCS#12 archive as a TrustStore and returns the
// PKCS#12-encoded archive as a Dagger file.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret) *dagger.File {
	store := dag.CertificateManagement().LoadTrustStoreFromPkcs12(pkcs12File, password)
	return store.Pkcs12()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret) -> dagger.File:
    """Wrap a PKCS#12 archive as a TrustStore and return the PKCS#12-encoded archive as a Dagger file."""
    store = dag.certificate_management().load_trust_store_from_pkcs12(pkcs12_file, password)
    return store.pkcs12()
/** Wraps a PKCS#12 archive as a TrustStore and returns the PKCS#12-encoded archive as a Dagger file. */
@func()
example(pkcs12File: File, password: Secret): File {
	const store = dag.certificateManagement().loadTrustStoreFromPkcs12(pkcs12File, password)
	return store.pkcs12()
}

CertificateManagementIssuedCertificate 🔗

IssuedCertificate is a leaf certificate signed by a CA, together with the issuing CA's certificate (used to build trust bundles).

certPemFile() 🔗

PEM-encoded leaf certificate.

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 cert-pem-file
// Example loads a CA, issues a server certificate and returns the PEM-encoded
// leaf certificate as a File.
// password decrypts the CA archive; password1 is the PKCS#12 password used by
// the issued certificate's KeyStore and TrustStore.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.File {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.CertPemFile()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.File:
    """Load a CA, issue a server certificate and return the PEM-encoded leaf certificate as a File.

    password decrypts the CA archive; password1 is the PKCS#12 password used
    by the issued certificate's KeyStore and TrustStore.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
    return leaf.cert_pem_file()
/**
 * Loads a CA, issues a server certificate and returns the PEM-encoded leaf
 * certificate as a File.
 * password decrypts the CA archive; password1 is the PKCS#12 password used by
 * the issued certificate's KeyStore and TrustStore.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): File {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.certPemFile()
}

privateKeyPem() 🔗

PEM-encoded PKCS#8 leaf private key.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 private-key-pem
// Example loads a CA, issues a server certificate and returns the leaf's
// PEM-encoded PKCS#8 private key. The key comes back as a Secret, not a File.
// password decrypts the CA archive; password1 is the PKCS#12 password used by
// the issued certificate's KeyStore and TrustStore.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.Secret {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.PrivateKeyPem()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.Secret:
    """Load a CA, issue a server certificate and return the leaf's PEM-encoded PKCS#8 private key.

    The key comes back as a Secret, not a File. password decrypts the CA
    archive; password1 is the PKCS#12 password used by the issued
    certificate's KeyStore and TrustStore.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
    return leaf.private_key_pem()
/**
 * Loads a CA, issues a server certificate and returns the leaf's PEM-encoded
 * PKCS#8 private key. The key comes back as a Secret, not a File.
 * password decrypts the CA archive; password1 is the PKCS#12 password used by
 * the issued certificate's KeyStore and TrustStore.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): Secret {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.privateKeyPem()
}

issuerCertFile() 🔗

PEM-encoded issuing CA certificate.

Return Type
File !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 issuer-cert-file
// Example loads a CA, issues a server certificate and returns the PEM-encoded
// certificate of the issuing CA as a File.
// password decrypts the CA archive; password1 is the PKCS#12 password used by
// the issued certificate's KeyStore and TrustStore.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.File {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.IssuerCertFile()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.File:
    """Load a CA, issue a server certificate and return the issuing CA's PEM-encoded certificate as a File.

    password decrypts the CA archive; password1 is the PKCS#12 password used
    by the issued certificate's KeyStore and TrustStore.
    """
    ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
    leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
    return leaf.issuer_cert_file()
/**
 * Loads a CA, issues a server certificate and returns the PEM-encoded
 * certificate of the issuing CA as a File.
 * password decrypts the CA archive; password1 is the PKCS#12 password used by
 * the issued certificate's KeyStore and TrustStore.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): File {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.issuerCertFile()
}

pwd() 🔗

PKCS#12 password.

Return Type
Secret !
Example
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 pwd
// Example loads a certificate authority from a PKCS#12 file, issues a server
// certificate from it, and returns the PKCS#12 password as a *dagger.Secret.
//
// password is passed to LoadCertificateAuthority and password1 to
// IssueServerCertificate; they are separate secrets. The result stays wrapped
// in the Secret type rather than being returned as a plain string.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.Secret {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.Pwd()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.Secret:
	"""Load a CA from a PKCS#12 file, issue a server certificate, return the PKCS#12 password.

	``password`` goes to ``load_certificate_authority`` and ``password1`` to
	``issue_server_certificate``; they are separate secrets.

	Returns the password as a ``dagger.Secret``, not as a plain string.
	"""
	ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
	leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
	return leaf.pwd()
/**
 * Loads a CA from a PKCS#12 file, issues a server certificate from it, and
 * returns the PKCS#12 password as a Secret.
 *
 * `password` goes to loadCertificateAuthority and `password1` to
 * issueServerCertificate; they are separate secrets.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): Secret {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.pwd()
}

keyStore() 🔗

KeyStore returns a PKCS#12 archive containing the leaf certificate, its private key, and the issuing CA certificate as a chain entry. Because the archive includes the private key, it needs the same handling as the key itself.

Return Type
CertificateManagementKeyStore !
Example
# Load a CA from a PKCS#12 file, issue a server certificate from it, and select
# the key store: a PKCS#12 archive with the leaf certificate, its private key,
# and the issuing CA certificate as a chain entry.
# MYSECRET is a placeholder repeated for three separate secret arguments (the
# --password for the CA archive, the --password for the issued certificate, and
# --key); each would normally name its own environment variable.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 key-store
// Example loads a certificate authority from a PKCS#12 file, issues a server
// certificate from it, and returns the certificate's key store.
//
// The key store is a PKCS#12 archive holding the leaf certificate, its private
// key, and the issuing CA certificate as a chain entry. password is passed to
// LoadCertificateAuthority and password1 to IssueServerCertificate; they are
// separate secrets.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementKeyStore {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.KeyStore()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementKeyStore:
	"""Load a CA from a PKCS#12 file, issue a server certificate, return its key store.

	The key store is a PKCS#12 archive holding the leaf certificate, its
	private key, and the issuing CA certificate as a chain entry.

	``password`` goes to ``load_certificate_authority`` and ``password1`` to
	``issue_server_certificate``; they are separate secrets.
	"""
	ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
	leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
	return leaf.key_store()
/**
 * Loads a CA from a PKCS#12 file, issues a server certificate from it, and
 * returns the certificate's key store.
 *
 * The key store is a PKCS#12 archive holding the leaf certificate, its private
 * key, and the issuing CA certificate as a chain entry. `password` goes to
 * loadCertificateAuthority and `password1` to issueServerCertificate; they are
 * separate secrets.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): CertificateManagementKeyStore {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.keyStore()
}

trustStore() 🔗

TrustStore returns a PKCS#12 archive containing the issuing CA certificate.

Return Type
CertificateManagementTrustStore !
Example
# Load a CA from a PKCS#12 file, issue a server certificate from it, and select
# the trust store: a PKCS#12 archive containing the issuing CA certificate.
# MYSECRET is a placeholder repeated for three separate secret arguments (the
# --password for the CA archive, the --password for the issued certificate, and
# --key); each would normally name its own environment variable.
dagger -m github.com/z5labs/devex/daggerverse/certificate-management@d38cd46573b89a2722fb888c91ced6495d6825e9 call \
 load-certificate-authority --pkcs-1-2-file file:path --password env:MYSECRET \
 issue-server-certificate --common-name string --validity-days integer --not-before string --serial string --password env:MYSECRET --key env:MYSECRET \
 trust-store
// Example loads a certificate authority from a PKCS#12 file, issues a server
// certificate from it, and returns the certificate's trust store.
//
// The trust store is a PKCS#12 archive containing the issuing CA certificate.
// password is passed to LoadCertificateAuthority and password1 to
// IssueServerCertificate; they are separate secrets.
func (m *MyModule) Example(pkcs12File *dagger.File, password *dagger.Secret, commonName string, validityDays int, notBefore string, serial string, password1 *dagger.Secret, key *dagger.Secret) *dagger.CertificateManagementTrustStore {
	ca := dag.CertificateManagement().LoadCertificateAuthority(pkcs12File, password)
	leaf := ca.IssueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.TrustStore()
}
@function
def example(pkcs12_file: dagger.File, password: dagger.Secret, common_name: str, validity_days: int, not_before: str, serial: str, password1: dagger.Secret, key: dagger.Secret) -> dagger.CertificateManagementTrustStore:
	"""Load a CA from a PKCS#12 file, issue a server certificate, return its trust store.

	The trust store is a PKCS#12 archive containing the issuing CA certificate.

	``password`` goes to ``load_certificate_authority`` and ``password1`` to
	``issue_server_certificate``; they are separate secrets.
	"""
	ca = dag.certificate_management().load_certificate_authority(pkcs12_file, password)
	leaf = ca.issue_server_certificate(common_name, validity_days, not_before, serial, password1, key)
	return leaf.trust_store()
/**
 * Loads a CA from a PKCS#12 file, issues a server certificate from it, and
 * returns the certificate's trust store.
 *
 * The trust store is a PKCS#12 archive containing the issuing CA certificate.
 * `password` goes to loadCertificateAuthority and `password1` to
 * issueServerCertificate; they are separate secrets.
 */
@func()
example(pkcs12File: File, password: Secret, commonName: string, validityDays: number, notBefore: string, serial: string, password1: Secret, key: Secret): CertificateManagementTrustStore {
	const ca = dag.certificateManagement().loadCertificateAuthority(pkcs12File, password)
	const leaf = ca.issueServerCertificate(commonName, validityDays, notBefore, serial, password1, key)
	return leaf.trustStore()
}