Renew Vault certificates automation - renew.py
Authored By
dereckson
Jun 2 2024, 22:35
2024-06-02 22:35:19 (UTC+0)
#!/usr/bin/env python3
# -------------------------------------------------------------
# Renew Vault HTTPS certificates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Connect to Vault
# License: BSD-2-Clause
# -------------------------------------------------------------
import json
import os
import sys
from pprint import pprint

import hvac
import requests
import yaml
# -------------------------------------------------------------
# Certificates renewal
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Maps each field of the Vault PKI response to the file it is written to.
# Note that "private_key" is secret material, unlike the two certificates.
CERTIFICATES_FRAGMENTS = dict(
    certificate="certificate.pem",
    issuing_ca="ca.pem",
    private_key="private.key",
)

# Response fields concatenated, in this order, into fullchain.pem:
# the leaf certificate first, then the CA that issued it.
CERTIFICATES_FULLCHAIN = ["certificate", "issuing_ca"]
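def _open_owner_only(path):
    """Open *path* for text writing with permissions forced to 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode passed to os.open() only applies when the file is created;
        # tighten a pre-existing file before any key material is written.
        os.fchmod(fd, 0o600)
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "w")


def renew_vault_certificates(client):
    """Issue a new certificate from the Vault PKI engine and write it to disk.

    Asks the ``pki_vault`` mount for a certificate under the
    ``nasqueron-drake`` role, then writes each fragment listed in
    CERTIFICATES_FRAGMENTS to its file in the current working directory,
    followed by ``fullchain.pem`` built from CERTIFICATES_FULLCHAIN.

    Args:
        client: an hvac client object exposing
            ``secrets.pki.generate_certificate``; it is presumably already
            authenticated (nothing here sets a token).

    Raises:
        KeyError: if the response lacks one of the expected fragments.
            The check runs before any file is opened, so a partial
            response does not truncate the certificate files in place.
    """
    # Fragments holding secret key material: written owner-read/write only
    # instead of inheriting the process umask (commonly world-readable).
    # NOTE(review): if the consuming service runs as another user, file
    # ownership has to be arranged at deployment time.
    secret_fragments = {"private_key"}

    extra_params = {
        "ttl": "2160h",
        "ip_sans": "127.0.0.1,172.27.27.7",
    }

    response = client.secrets.pki.generate_certificate(
        name='nasqueron-drake',
        common_name='complector.nasqueron.drake',
        mount_point='pki_vault',
        extra_params=extra_params,
    )
    certificate = response["data"]

    # Validate up front: opening with "w" truncates, so a missing field found
    # mid-write would leave an empty file where a working one used to be.
    expected = list(CERTIFICATES_FRAGMENTS) + list(CERTIFICATES_FULLCHAIN)
    missing = sorted({key for key in expected if key not in certificate})
    if missing:
        raise KeyError(
            "Vault PKI response is missing: " + ", ".join(missing)
        )

    for key, certificate_file in CERTIFICATES_FRAGMENTS.items():
        if key in secret_fragments:
            fd = _open_owner_only(certificate_file)
        else:
            fd = open(certificate_file, "w")
        with fd:
            print(certificate[key], file=fd)

    with open("fullchain.pem", "w") as fd:
        for key in CERTIFICATES_FULLCHAIN:
            print(certificate[key], file=fd)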
# -------------------------------------------------------------
# Application entry point
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
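def run():
    """Build the Vault client and renew the certificates.

    TLS verification of the Vault endpoint is on unless the operator
    explicitly sets VAULT_SKIP_VERIFY, the variable the Vault CLI uses for
    the same purpose. The response to the renewal request carries the new
    private key, so an unverified connection would hand that key (and the
    client's credentials) to whoever answers on the Vault address.
    """
    skip_verify = os.environ.get("VAULT_SKIP_VERIFY", "").strip().lower() in {
        "1",
        "t",
        "true",
    }

    if skip_verify:
        # Break-glass path, e.g. when the certificate being replaced has
        # already expired. Kept loud so it does not become the default.
        print(
            "WARNING: VAULT_SKIP_VERIFY is set, Vault TLS certificate "
            "is NOT verified",
            file=sys.stderr,
        )
        client = hvac.Client(verify=False)
    else:
        # With no `verify` argument hvac verifies the server certificate.
        # NOTE(review): recent hvac releases also pick the CA bundle up from
        # VAULT_CACERT / VAULT_CAPATH; confirm for the installed version,
        # since the Vault certificate here is issued by Vault's own PKI.
        client = hvac.Client()

    renew_vault_certificates(client)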
# Run the renewal only when executed as a script, not when imported.
if __name__ == "__main__":
    run()