🔑 OpenSSL convenience scripts
This is a Docker container that can be used to generate a closed network of TLS credentials, suitable for use among sets of microservices that only need to (and only should) communicate among themselves.
-
You'll need a directory to store input and output.
mkdir certificates
-
Generate a password and store it in a file called
passwordwithin that directory.touch certificates/password chmod 600 certificates/password cat /dev/random | head -c 128 | base64 > certificates/password
-
Run the container with different commands to create a certificate authority, signed keypairs or self-signed keypairs. You'll need to mount your input/output directory to the path
/certificateswithin the container.KEYMASTER="docker run --rm -v $(pwd)/certificates/:/certificates/ cloudpipe/keymaster" # Certificate authority # certificates/ca.pem and certificates/ca-key.pem ${KEYMASTER} ca # Signed client keypair for "service1.host.com" # certificates/service1-cert.pem and certificates/service1-key.pem ${KEYMASTER} signed-keypair -n service1 -h service1.host.com # Signed server keypair for "service2.host.com" # certificates/service2-cert.pem and certificates/service2-key.pem ${KEYMASTER} signed-keypair -n service2 -h service2.host.com -p server # Self-signed credentials for development of externally-facing parts # certificates/external-cert.pem and certificates/external-key.pem ${KEYMASTER} selfsigned-keypair -n external