chore: bump github.com/go-acme/lego/v4 from 4.22.2 to 4.25.2 (#224)

Co-authored-by: Fernandez Ludovic <ldez@users.noreply.github.com>

.github/FUNDING.yml

@@ -0,0 +1,4 @@
+github: ldez
+ko_fi: ldez_oss
+liberapay: ldez
+thanks_dev: u/gh/ldez

.github/workflows/go-cross.yml

@@ -0,0 +1,40 @@
+name: Go Matrix
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+
+  cross:
+    name: Go
+    runs-on: ${{ matrix.os }}
+    env:
+      CGO_ENABLED: 0
+
+    strategy:
+      matrix:
+        go-version: [ stable ]
+        os: [ubuntu-latest, macos-latest, windows-latest]
+
+    steps:
+
+      # https://github.com/marketplace/actions/checkout
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # https://github.com/marketplace/actions/setup-go-environment
+      - name: Set up Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Test
+        run: go test -v -cover ./...
+
+      - name: Build
+        run: go build -v -ldflags "-s -w" -trimpath

.github/workflows/main.yml

@@ -0,0 +1,41 @@
+name: Main
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+
+  main:
+    name: Main Process
+    runs-on: ubuntu-latest
+    env:
+      GO_VERSION: stable
+      GOLANGCI_LINT_VERSION: v2.0.1
+      CGO_ENABLED: 0
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: Check and get dependencies
+        run: |
+          go mod download
+          go mod tidy
+          git diff --exit-code go.mod
+          git diff --exit-code go.sum
+
+      # https://golangci-lint.run/usage/install#other-ci
+      - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/HEAD/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
+          golangci-lint --version
+
+      - name: Make
+        run: make

.github/workflows/release.yml

@@ -0,0 +1,70 @@
+name: "Release a tag"
+on:
+  push:
+    tags:
+      - v*
+
+jobs:
+  release:
+    name: Release Process
+    runs-on: ubuntu-latest
+    env:
+      GO_VERSION: stable
+      CGO_ENABLED: 0
+
+    steps:
+      # temporary workaround for an error in free disk space action
+      # https://github.com/jlumbroso/free-disk-space/issues/14
+      - name: Update Package List and Remove Dotnet
+        run: |
+          sudo apt-get update
+          sudo apt-get remove -y '^dotnet-.*'
+
+      # https://github.com/marketplace/actions/free-disk-space-ubuntu
+      - name: Free Disk Space
+        uses: jlumbroso/free-disk-space@main
+        with:
+          # this might remove tools that are actually needed
+          tool-cache: false
+
+          # all of these default to true
+          android: true
+          dotnet: true
+          haskell: true
+          large-packages: true
+          docker-images: true
+          swap-storage: false
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
+      - name: dockerhub-login
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: ghcr-login
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: latest
+          args: release -p 1 --clean --timeout=90m
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.golangci.toml

@@ -1,42 +0,0 @@
-[run]
-  timeout = "5m"
-  skip-files = []
-
-[linters-settings]
-
-  [linters-settings.govet]
-    check-shadowing = true
-
-  [linters-settings.gocyclo]
-    min-complexity = 12.0
-
-  [linters-settings.maligned]
-    suggest-new = true
-
-  [linters-settings.goconst]
-    min-len = 3.0
-    min-occurrences = 3.0
-
-  [linters-settings.misspell]
-    locale = "US"
-
-[linters]
-  enable-all = true
-  disable = [
-    "maligned",
-    "lll",
-    "gas",
-    "dupl",
-    "prealloc",
-    "scopelint",
-    "wsl",
-  ]
-
-[issues]
-  exclude-use-default = false
-  max-per-linter = 0
-  max-same-issues = 0
-  exclude = ["ST1000: at least one file in a package should have a package comment"]
-  [[issues.exclude-rules]]
-    path = "cmd/"
-    linters = ["gochecknoglobals", "gochecknoinits"]

.golangci.yml

@@ -0,0 +1,108 @@
+version: "2"
+
+formatters:
+  enable:
+    - gci
+    - gofumpt
+  settings:
+    gofumpt:
+      extra-rules: true
+
+linters:
+  default: all
+  disable:
+    - cyclop # duplicate of gocyclo
+    - dupl
+    - err113
+    - exhaustive
+    - exhaustruct
+    - lll
+    - mnd
+    - nilnil
+    - nlreturn
+    - paralleltest
+    - prealloc
+    - rowserrcheck # not relevant (SQL)
+    - sqlclosecheck # not relevant (SQL)
+    - testpackage
+    - tparallel
+    - varnamelen
+    - wrapcheck
+    - wsl
+  settings:
+    depguard:
+      rules:
+        main:
+          deny:
+            - pkg: github.com/instana/testify
+              desc: not allowed
+            - pkg: github.com/pkg/errors
+              desc: Should be replaced by standard lib errors package
+    forbidigo:
+      forbid:
+        - pattern: ^print(ln)?$
+        - pattern: ^spew\.Print(f|ln)?$
+        - pattern: ^spew\.Dump$
+    funlen:
+      lines: -1
+      statements: 40
+    goconst:
+      min-len: 3
+      min-occurrences: 3
+    gocritic:
+      disabled-checks:
+        - sloppyReassign
+        - rangeValCopy
+        - octalLiteral
+        - paramTypeCombine # already handle by gofumpt.extra-rules
+      enabled-tags:
+        - diagnostic
+        - style
+        - performance
+      settings:
+        hugeParam:
+          sizeThreshold: 100
+    gocyclo:
+      min-complexity: 12
+    godox:
+      keywords:
+        - FIXME
+    gomoddirectives:
+      replace-allow-list:
+        - github.com/abbot/go-http-auth
+        - github.com/go-check/check
+        - github.com/gorilla/mux
+        - github.com/mailgun/minheap
+        - github.com/mailgun/multibuf
+        - github.com/jaguilar/vt100
+    gosec:
+      excludes:
+        - G204 # Subprocess launched with a potential tainted input or cmd arguments
+        - G301 # Expect directory permissions to be 0750 or less
+        - G306 # Expect WriteFile permissions to be 0600 or less
+    govet:
+      disable:
+        - fieldalignment
+      enable-all: true
+    misspell:
+      locale: US
+
+  exclusions:
+    presets:
+      - comments
+    rules:
+      - linters:
+          - gochecknoglobals
+          - gochecknoinits
+        path: cmd/
+      - linters:
+          - tagalign
+        path: internal/traefikv[1-3]/
+      - path: (.+)\.go$
+        text: 'ST1000: at least one file in a package should have a package comment'
+      - path: (.+)\.go$
+        text: 'package-comments: should have a package comment'
+
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0

.goreleaser.yml

@@ -1,3 +1,4 @@
+version: 2
 project_name: traefik-certs-dumper
 
 builds:
@@ -5,7 +6,7 @@ builds:
     ldflags:
       - -s -w -X github.com/ldez/traefik-certs-dumper/cmd.version={{.Version}} -X github.com/ldez/traefik-certs-dumper/cmd.commit={{.ShortCommit}} -X github.com/ldez/traefik-certs-dumper/cmd.date={{.Date}}
     env:
-      - GO111MODULE=on
+      - CGO_ENABLED=0
     goos:
       - linux
       - darwin
@@ -40,9 +41,182 @@ changelog:
 archives:
   - id: tcd
     name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
-    format: tar.gz
+    formats: [ 'tar.gz' ]
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [ 'zip' ]
     files:
       - LICENSE
+
+docker_manifests:
+  - name_template: 'ldez/traefik-certs-dumper:{{ .Tag }}'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ldez/traefik-certs-dumper:latest'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}'
+    image_templates:
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:latest'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+  - name_template: 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}'
+    image_templates:
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+
+dockers:
+  - use: buildx
+    goos: linux
+    goarch: amd64
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-amd64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-amd64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-amd64'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/amd64'
+
+  - use: buildx
+    goos: linux
+    goarch: arm64
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-arm64'
+      - 'ldez/traefik-certs-dumper:latest-arm.v8' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v8' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-arm64'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-arm64'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm64'
+
+  - use: buildx
+    goos: linux
+    goarch: arm
+    goarm: '7'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-armv7'
+      - 'ldez/traefik-certs-dumper:latest-arm.v7' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v7' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv7'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv7'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm/v7'
+
+  - use: buildx
+    goos: linux
+    goarch: arm
+    goarm: '6'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-armv6'
+      - 'ldez/traefik-certs-dumper:latest-arm.v6' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-arm.v6' # only for compatibility with Seihon
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-armv6'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-armv6'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/arm/v6'
+
+  - use: buildx
+    goos: linux
+    goarch: '386'
+    dockerfile: buildx.Dockerfile
+    image_templates:
+      - 'ldez/traefik-certs-dumper:latest-386'
+      - 'ldez/traefik-certs-dumper:{{ .Tag }}-386'
+      - 'ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:latest-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:{{ .Tag }}-386'
+      - 'ghcr.io/ldez/traefik-certs-dumper:v{{ .Major }}.{{ .Minor }}-386'
+    build_flag_templates:
+      - '--pull'
+      # https://github.com/opencontainers/image-spec/blob/main/annotations.md#pre-defined-annotation-keys
+      - '--label=org.opencontainers.image.title={{.ProjectName}}'
+      - '--label=org.opencontainers.image.description=Dump ACME data from Traefik to certificates'
+      - '--label=org.opencontainers.image.source={{.GitURL}}'
+      - '--label=org.opencontainers.image.url={{.GitURL}}'
+      - '--label=org.opencontainers.image.documentation=https://github.com/ldez/traefik-certs-dumper'
+      - '--label=org.opencontainers.image.created={{.Date}}'
+      - '--label=org.opencontainers.image.revision={{.FullCommit}}'
+      - '--label=org.opencontainers.image.version={{.Version}}'
+      - '--platform=linux/386'

.travis.yml

@@ -1,64 +0,0 @@
-language: go
-
-dist: xenial
-
-notifications:
-  email:
-    on_success: never
-    on_failure: change
-
-cache:
-  directories:
-    - $GOPATH/pkg/mod
-
-matrix:
-  fast_finish: true
-  include:
-    - go: 1.13.x
-      env: STABLE=true
-    - go: 1.x
-    - go: tip
-  allow_failures:
-    - go: tip
-
-env:
-  global:
-    - GO111MODULE=on
-
-services:
-  - docker
-
-before_install:
-  # Install linters and misspell
-  - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin ${GOLANGCI_LINT_VERSION}
-  - golangci-lint --version
-  # Install Docker image multi-arch builder
-  - curl -sfL https://raw.githubusercontent.com/ldez/seihon/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${SEIHON_VERSION}
-  - seihon --version
-
-install:
-  - go mod tidy
-  - git diff --exit-code go.mod
-  - git diff --exit-code go.sum
-  - go mod download
-
-before_deploy:
-  - >
-    if ! [ "$BEFORE_DEPLOY_RUN" ]; then
-      export BEFORE_DEPLOY_RUN=1;
-      echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
-    fi
-
-deploy:
-  - provider: script
-    skip_cleanup: true
-    script: curl -sL https://git.io/goreleaser | bash
-    on:
-      tags: true
-      condition: $STABLE = true
-  - provider: script
-    skip_cleanup: true
-    script: make publish-images
-    on:
-      tags: true
-      condition: $STABLE = true

Dockerfile

@@ -1,21 +0,0 @@
-FROM golang:1-alpine as builder
-
-RUN apk --update upgrade \
-    && apk --no-cache --no-progress add git make gcc musl-dev
-
-WORKDIR /go/src/github.com/ldez/traefik-certs-dumper
-
-ENV GO111MODULE on
-COPY go.mod go.sum ./
-RUN go mod download
-
-COPY . .
-RUN make build
-
-FROM alpine:3.10
-RUN apk --update upgrade \
-    && apk --no-cache --no-progress add ca-certificates
-
-COPY --from=builder /go/src/github.com/ldez/traefik-certs-dumper/traefik-certs-dumper /usr/bin/traefik-certs-dumper
-
-ENTRYPOINT ["/usr/bin/traefik-certs-dumper"]

LICENSE

@@ -1,4 +1,4 @@
-Copyright 2019 Fernandez Ludovic
+Copyright 2019-2024 Fernandez Ludovic
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

Makefile

@@ -25,6 +25,3 @@ checks:
 
 doc:
 	go run . doc
-
-publish-images:
-	seihon publish -v "$(TAG_NAME)" -v "latest" --image-name ldez/traefik-certs-dumper --dry-run=false

buildx.Dockerfile

@@ -0,0 +1,9 @@
+# syntax=docker/dockerfile:1.4
+FROM alpine:3
+
+RUN apk --no-cache --no-progress add git ca-certificates tzdata jq \
+    && rm -rf /var/cache/apk/*
+
+COPY traefik-certs-dumper /usr/bin/traefik-certs-dumper
+
+ENTRYPOINT ["/usr/bin/traefik-certs-dumper"]

cmd/boltdb.go

@@ -1,14 +1,16 @@
 package cmd
 
 import (
-	"github.com/abronan/valkeyrie/store"
-	"github.com/abronan/valkeyrie/store/boltdb"
+	"context"
+	"time"
+
+	"github.com/kvtools/boltdb"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/kv"
 	"github.com/spf13/cobra"
 )
 
-// boltdbCmd represents the boltdb command
+// boltdbCmd represents the boltdb command.
 var boltdbCmd = &cobra.Command{
 	Use:   "boltdb",
 	Short: "Dump the content of BoltDB.",
@@ -29,11 +31,20 @@ func boltdbRun(baseConfig *dumper.BaseConfig, cmd *cobra.Command) error {
 		return err
 	}
 
-	config.Options.Bucket = cmd.Flag("bucket").Value.String()
-	config.Options.PersistConnection, _ = cmd.Flags().GetBool("persist-connection")
+	connectionTimeout, err := cmd.Flags().GetInt("connection-timeout")
+	if err != nil {
+		return err
+	}
 
-	config.Backend = store.BOLTDB
-	boltdb.Register()
+	persistConnection, _ := cmd.Flags().GetBool("persist-connection")
 
-	return kv.Dump(config, baseConfig)
+	config.Options = &boltdb.Config{
+		Bucket:            cmd.Flag("bucket").Value.String(),
+		PersistConnection: persistConnection,
+		ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
+	}
+
+	config.StoreName = boltdb.StoreName
+
+	return kv.Dump(context.Background(), config, baseConfig)
 }

cmd/consul.go

@@ -1,14 +1,16 @@
 package cmd
 
 import (
-	"github.com/abronan/valkeyrie/store"
-	"github.com/abronan/valkeyrie/store/consul"
+	"context"
+	"time"
+
+	"github.com/kvtools/consul"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/kv"
 	"github.com/spf13/cobra"
 )
 
-// consulCmd represents the consul command
+// consulCmd represents the consul command.
 var consulCmd = &cobra.Command{
 	Use:   "consul",
 	Short: "Dump the content of Consul.",
@@ -28,10 +30,24 @@ func consulRun(baseConfig *dumper.BaseConfig, cmd *cobra.Command) error {
 		return err
 	}
 
-	config.Options.Token = cmd.Flag("token").Value.String()
+	tlsConfig, err := createTLSConfig(cmd)
+	if err != nil {
+		return err
+	}
 
-	config.Backend = store.CONSUL
-	consul.Register()
+	connectionTimeout, err := cmd.Flags().GetInt("connection-timeout")
+	if err != nil {
+		return err
+	}
 
-	return kv.Dump(config, baseConfig)
+	config.Options = &consul.Config{
+		TLS:               tlsConfig,
+		ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
+		Token:             cmd.Flag("token").Value.String(),
+		Namespace:         "",
+	}
+
+	config.StoreName = consul.StoreName
+
+	return kv.Dump(context.Background(), config, baseConfig)
 }

cmd/doc.go

@@ -5,12 +5,12 @@ import (
 	"github.com/spf13/cobra/doc"
 )
 
-// docCmd represents the doc command
+// docCmd represents the doc command.
 var docCmd = &cobra.Command{
 	Use:    "doc",
 	Short:  "Generate documentation",
 	Hidden: true,
-	RunE: func(cmd *cobra.Command, args []string) error {
+	RunE: func(_ *cobra.Command, _ []string) error {
 		return doc.GenMarkdownTree(rootCmd, "./docs")
 	},
 }

cmd/etcd.go

@@ -1,17 +1,17 @@
 package cmd
 
 import (
+	"context"
 	"time"
 
-	"github.com/abronan/valkeyrie/store"
-	etcdv2 "github.com/abronan/valkeyrie/store/etcd/v2"
-	etcdv3 "github.com/abronan/valkeyrie/store/etcd/v3"
+	"github.com/kvtools/etcdv2"
+	"github.com/kvtools/etcdv3"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/kv"
 	"github.com/spf13/cobra"
 )
 
-// etcdCmd represents the etcd command
+// etcdCmd represents the etcd command.
 var etcdCmd = &cobra.Command{
 	Use:   "etcd",
 	Short: "Dump the content of etcd.",
@@ -32,25 +32,47 @@ func etcdRun(baseConfig *dumper.BaseConfig, cmd *cobra.Command) error {
 		return err
 	}
 
+	backend, err := cmd.Flags().GetString("etcd-version")
+	if err != nil {
+		return err
+	}
+
+	tlsConfig, err := createTLSConfig(cmd)
+	if err != nil {
+		return err
+	}
+
 	synPeriod, err := cmd.Flags().GetInt("sync-period")
 	if err != nil {
 		return err
 	}
-	config.Options.SyncPeriod = time.Duration(synPeriod) * time.Second
 
-	backend, err := cmd.Flags().GetString("etcd-version")
+	connectionTimeout, err := cmd.Flags().GetInt("connection-timeout")
 	if err != nil {
 		return err
 	}
 
 	switch backend {
 	case "etcdv3":
-		config.Backend = store.ETCDV3
-		etcdv3.Register()
+		config.Options = &etcdv3.Config{
+			TLS:               tlsConfig,
+			ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
+			SyncPeriod:        time.Duration(synPeriod) * time.Second,
+			Username:          cmd.Flag("password").Value.String(),
+			Password:          cmd.Flag("username").Value.String(),
+		}
+		config.StoreName = etcdv3.StoreName
 	default:
-		config.Backend = store.ETCD
-		etcdv2.Register()
+		config.Options = &etcdv2.Config{
+			TLS:               tlsConfig,
+			ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
+			SyncPeriod:        time.Duration(synPeriod) * time.Second,
+			Username:          cmd.Flag("password").Value.String(),
+			Password:          cmd.Flag("username").Value.String(),
+		}
+
+		config.StoreName = etcdv2.StoreName
 	}
 
-	return kv.Dump(config, baseConfig)
+	return kv.Dump(context.Background(), config, baseConfig)
 }

cmd/file.go

@@ -1,12 +1,13 @@
 package cmd
 
 import (
+	"context"
+
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/file"
 	"github.com/spf13/cobra"
 )
 
-// fileCmd represents the file command
 var fileCmd = &cobra.Command{
 	Use:   "file",
 	Short: `Dump the content of the "acme.json" file.`,
@@ -16,7 +17,7 @@ var fileCmd = &cobra.Command{
 
 		baseConfig.Version = cmd.Flag("version").Value.String()
 
-		return file.Dump(acmeFile, baseConfig)
+		return file.Dump(context.Background(), acmeFile, baseConfig)
 	}),
 }
 
@@ -24,5 +25,5 @@ func init() {
 	rootCmd.AddCommand(fileCmd)
 
 	fileCmd.Flags().String("source", "./acme.json", "Path to 'acme.json' file.")
-	fileCmd.Flags().String("version", "", "Traefik version. If empty use v1. Possible values: 'v2'.")
+	fileCmd.Flags().String("version", "", "Traefik version. If empty use v1. Possible values: 'v2', 'v3'.")
 }

cmd/kv.go

@@ -3,17 +3,16 @@ package cmd
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
-	"time"
+	"path/filepath"
 
-	"github.com/abronan/valkeyrie/store"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/kv"
 	"github.com/spf13/cobra"
 )
 
-// kvCmd represents the kv command
+// kvCmd represents the kv command.
 var kvCmd = &cobra.Command{
 	Use:   "kv",
 	Short: `Dump the content of a KV store.`,
@@ -44,26 +43,10 @@ func getKvConfig(cmd *cobra.Command) (*kv.Config, error) {
 		return nil, err
 	}
 
-	connectionTimeout, err := cmd.Flags().GetInt("connection-timeout")
-	if err != nil {
-		return nil, err
-	}
-
-	tlsConfig, err := createTLSConfig(cmd)
-	if err != nil {
-		return nil, err
-	}
-
 	return &kv.Config{
 		Endpoints: endpoints,
 		Prefix:    cmd.Flag("prefix").Value.String(),
 		Suffix:    cmd.Flag("suffix").Value.String(),
-		Options: &store.Config{
-			ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
-			Username:          cmd.Flag("password").Value.String(),
-			Password:          cmd.Flag("username").Value.String(),
-			TLS:               tlsConfig,
-		},
 	}, nil
 }
 
@@ -86,8 +69,8 @@ func createTLSConfig(cmd *cobra.Command) (*tls.Config, error) {
 	privateKey := cmd.Flag("tls.key").Value.String()
 	certContent := cmd.Flag("tls.cert").Value.String()
 
-	if !insecureSkipVerify && (len(certContent) == 0 || len(privateKey) == 0) {
-		return nil, fmt.Errorf("TLS Certificate or Key file must be set when TLS configuration is created")
+	if !insecureSkipVerify && (certContent == "" || privateKey == "") {
+		return nil, errors.New("TLS Certificate or Key file must be set when TLS configuration is created")
 	}
 
 	cert, err := getCertificate(privateKey, certContent)
@@ -98,7 +81,7 @@ func createTLSConfig(cmd *cobra.Command) (*tls.Config, error) {
 	return &tls.Config{
 		Certificates:       []tls.Certificate{cert},
 		RootCAs:            caPool,
-		InsecureSkipVerify: insecureSkipVerify,
+		InsecureSkipVerify: insecureSkipVerify, //nolint:gosec // it's a CLI option.
 		ClientAuth:         clientAuth,
 	}, nil
 }
@@ -113,7 +96,7 @@ func getCertPool(ca string) (*x509.CertPool, error) {
 		}
 
 		if !caPool.AppendCertsFromPEM(caContent) {
-			return nil, fmt.Errorf("failed to parse CA")
+			return nil, errors.New("failed to parse CA")
 		}
 	}
 
@@ -121,11 +104,14 @@ func getCertPool(ca string) (*x509.CertPool, error) {
 }
 
 func getCAContent(ca string) ([]byte, error) {
-	if _, errCA := os.Stat(ca); errCA != nil {
-		return []byte(ca), nil
+	if _, err := os.Stat(ca); err != nil {
+		if os.IsNotExist(err) {
+			return []byte(ca), nil
+		}
+		return nil, err
 	}
 
-	caContent, err := ioutil.ReadFile(ca)
+	caContent, err := os.ReadFile(filepath.Clean(ca))
 	if err != nil {
 		return nil, err
 	}
@@ -152,11 +138,11 @@ func getCertificate(privateKey, certContent string) (tls.Certificate, error) {
 	_, errCertIsFile := os.Stat(certContent)
 
 	if errCertIsFile == nil && os.IsNotExist(errKeyIsFile) {
-		return tls.Certificate{}, fmt.Errorf("tls cert is a file, but tls key is not")
+		return tls.Certificate{}, errors.New("tls cert is a file, but tls key is not")
 	}
 
 	if os.IsNotExist(errCertIsFile) && errKeyIsFile == nil {
-		return tls.Certificate{}, fmt.Errorf("TLS key is a file, but tls cert is not")
+		return tls.Certificate{}, errors.New("TLS key is a file, but tls cert is not")
 	}
 
 	// string

cmd/root.go

@@ -1,27 +1,30 @@
 package cmd
 
 import (
+	"crypto/rand"
 	"fmt"
-	"io/ioutil"
 	"log"
+	"math/big"
 	"os"
 	"path/filepath"
 	"strconv"
+	"time"
 
+	"github.com/charmbracelet/lipgloss"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
-	homedir "github.com/mitchellh/go-homedir"
+	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 )
 
 var cfgFile string
 
-// rootCmd represents the base command when called without any subcommands
+// rootCmd represents the base command when called without any subcommands.
 var rootCmd = &cobra.Command{
 	Use:   "traefik-certs-dumper",
 	Short: "Dump Let's Encrypt certificates from Traefik.",
 	Long:  `Dump Let's Encrypt certificates from Traefik.`,
-	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+	PersistentPreRunE: func(cmd *cobra.Command, _ []string) error {
 		if cmd.Name() == "version" {
 			return nil
 		}
@@ -35,6 +38,7 @@ var rootCmd = &cobra.Command{
 				return fmt.Errorf("--crt-ext (%q) and --key-ext (%q) are identical, in this case --domain-subdir is required", crtExt, keyExt)
 			}
 		}
+
 		return nil
 	},
 }
@@ -46,6 +50,8 @@ func Execute() {
 		log.Println(err)
 		os.Exit(1)
 	}
+
+	help()
 }
 
 func init() {
@@ -117,7 +123,7 @@ func tree(root, indent string) error {
 		return nil
 	}
 
-	fis, err := ioutil.ReadDir(root)
+	fis, err := os.ReadDir(root)
 	if err != nil {
 		return fmt.Errorf("could not read dir %s: %w", root, err)
 	}
@@ -132,10 +138,10 @@ func tree(root, indent string) error {
 	for i, name := range names {
 		add := "│  "
 		if i == len(names)-1 {
-			fmt.Printf(indent + "└──")
+			fmt.Print(indent + "└──")
 			add = "   "
 		} else {
-			fmt.Printf(indent + "├──")
+			fmt.Print(indent + "├──")
 		}
 
 		if err := tree(filepath.Join(root, name), indent+add); err != nil {
@@ -178,3 +184,34 @@ func getBaseConfig(cmd *cobra.Command) (*dumper.BaseConfig, error) {
 		Hook:         cmd.Flag("post-hook").Value.String(),
 	}, nil
 }
+
+func help() {
+	var maxInt int64 = 2 // -> 50%
+	if time.Now().Month() == time.December {
+		maxInt = 1 // -> 100%
+	}
+
+	n, _ := rand.Int(rand.Reader, big.NewInt(maxInt))
+	if n.Cmp(big.NewInt(0)) != 0 {
+		return
+	}
+
+	log.SetFlags(0)
+
+	pStyle := lipgloss.NewStyle().
+		Padding(1).
+		BorderStyle(lipgloss.RoundedBorder()).
+		BorderForeground(lipgloss.Color("161")).
+		Align(lipgloss.Center)
+
+	hStyle := lipgloss.NewStyle().Bold(true)
+
+	s := fmt.Sprintln(hStyle.Render("Request for Donation."))
+	s += `
+I need your help!
+Donations fund the maintenance and development of traefik-certs-dumper.
+Click on this link to donate: https://donate.ldez.dev`
+
+	log.Println(pStyle.Render(s))
+	log.SetFlags(log.LstdFlags | log.Lshortfile)
+}

cmd/version.go

@@ -13,11 +13,11 @@ var (
 	date    = "I don't remember exactly"
 )
 
-// versionCmd represents the version command
+// versionCmd represents the version command.
 var versionCmd = &cobra.Command{
 	Use:   "version",
 	Short: "Display version",
-	Run: func(cmd *cobra.Command, args []string) {
+	Run: func(_ *cobra.Command, _ []string) {
 		displayVersion(rootCmd.Name())
 	},
 }

cmd/zookeeper.go

@@ -1,14 +1,16 @@
 package cmd
 
 import (
-	"github.com/abronan/valkeyrie/store"
-	"github.com/abronan/valkeyrie/store/zookeeper"
+	"context"
+	"time"
+
+	"github.com/kvtools/zookeeper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper/kv"
 	"github.com/spf13/cobra"
 )
 
-// zookeeperCmd represents the zookeeper command
+// zookeeperCmd represents the zookeeper command.
 var zookeeperCmd = &cobra.Command{
 	Use:   "zookeeper",
 	Short: "Dump the content of zookeeper.",
@@ -26,8 +28,19 @@ func zookeeperRun(baseConfig *dumper.BaseConfig, cmd *cobra.Command) error {
 		return err
 	}
 
-	config.Backend = store.ZK
-	zookeeper.Register()
+	connectionTimeout, err := cmd.Flags().GetInt("connection-timeout")
+	if err != nil {
+		return err
+	}
 
-	return kv.Dump(config, baseConfig)
+	config.Options = &zookeeper.Config{
+		ConnectionTimeout: time.Duration(connectionTimeout) * time.Second,
+		Username:          cmd.Flag("password").Value.String(),
+		Password:          cmd.Flag("username").Value.String(),
+		MaxBufferSize:     0,
+	}
+
+	config.StoreName = zookeeper.StoreName
+
+	return kv.Dump(context.Background(), config, baseConfig)
 }

contrib/readme.md

@@ -0,0 +1 @@
+This directory content external contributions that are not maintain by @ldez.

contrib/traefik-certs-dumper.service

@@ -0,0 +1,40 @@
+[Unit]
+Description=traefik certs dumper
+; If you do not start traefik via systemd, choose network.target or docker.target
+After=traefik.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+Restart=on-abnormal
+User=root
+ExecStart=/usr/local/bin/traefik-certs-dumper file --version v2 --source /etc/traefik/acme/acme.json --dest /etc/ssl --watch
+RestartSec=30
+TimeoutSec=30
+;WatchdogSec=30
+
+; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
+; LimitNOFILE=1048576
+; Limit number of processes in this unit
+LimitNPROC=1
+
+; Use private /tmp and /var/tmp, which are discarded after traefik stops.
+PrivateTmp=true
+; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pis or other devices)
+PrivateDevices=true
+; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+; Make cgroups /sys/fs/cgroup read-only
+ProtectControlGroups=true
+; Make kernel settings (procfs and sysfs) read-only
+ProtectKernelTunables=true
+; Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+; This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
+ReadWriteDirectories=/etc/ssl
+ReadOnlyPaths=/etc/traefik/acme/acme.json
+
+; The following additional security directives only work with systemd v229 or later.
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target

docs/docker-compose-traefik-v1.yml

@@ -0,0 +1,42 @@
+services:
+  traefik:
+    image: traefik:v1.7
+    command:
+      - --logLevel=INFO
+      - --defaultEntryPoints=web,websecure
+      - "--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure"
+      - "--entryPoints=Name:websecure Address::443 TLS"
+      - --docker
+      - --docker.exposedByDefault=false
+      - --acme
+      - --acme.email=email@example.com
+      - --acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --acme.entrypoint=websecure
+      - --acme.storage=/letsencrypt/acme.json
+      - --acme.onHostRule
+      - --acme.tlsChallenge
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./letsencrypt:/letsencrypt
+
+  traefik-certs-dumper:
+    image: ldez/traefik-certs-dumper:v2.9.3
+    entrypoint: sh -c '
+      while ! [ -e /data/acme.json ]
+        || ! [ `jq ".Certificates | length" /data/acme.json` != 0 ]; do
+          sleep 1
+      ; done
+      && traefik-certs-dumper file --watch
+        --source /data/acme.json --dest /data/certs'
+    volumes:
+      - ./letsencrypt:/data
+    network_mode: "none"
+
+  whoami:
+    image: traefik/whoami:v1.8.1
+    labels:
+      traefik.enable: true
+      traefik.frontend.rule: Host:example.com

docs/docker-compose-traefik-v2.yml

@@ -0,0 +1,44 @@
+services:
+
+  traefik:
+    image: traefik:v2.11.3
+    command:
+      - --log.level=INFO
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.websecure.http.tls=true
+      - --entrypoints.websecure.http.tls.certResolver=le
+      - --providers.docker.exposedbydefault=false
+      - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.le.acme.email=email@example.com
+      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+      - --certificatesresolvers.le.acme.tlsChallenge=true
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./letsencrypt/:/letsencrypt
+
+  traefik-certs-dumper:
+    image: ldez/traefik-certs-dumper:v2.9.3
+    entrypoint: sh -c '
+      while ! [ -e /data/acme.json ]
+      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
+      sleep 1
+      ; done
+      && traefik-certs-dumper file --version v2 --watch
+      --source /data/acme.json --dest /data/certs'
+    volumes:
+      - ./letsencrypt:/data
+    network_mode: "none"
+    
+  whoami:
+    image: traefik/whoami:v1.8.1
+    labels:
+      traefik.enable: 'true'
+
+      traefik.http.routers.app.rule: Host(`example.com`)
+      traefik.http.routers.app.entrypoints: websecure

docs/traefik-certs-dumper.md

@@ -24,8 +24,9 @@ Dump Let's Encrypt certificates from Traefik.
 
 ### SEE ALSO
 
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
 * [traefik-certs-dumper file](traefik-certs-dumper_file.md)	 - Dump the content of the "acme.json" file.
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 * [traefik-certs-dumper version](traefik-certs-dumper_version.md)	 - Display version
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion.md

@@ -0,0 +1,40 @@
+## traefik-certs-dumper completion
+
+Generate the autocompletion script for the specified shell
+
+### Synopsis
+
+Generate the autocompletion script for traefik-certs-dumper for the specified shell.
+See each sub-command's help for details on how to use the generated script.
+
+
+### Options
+
+```
+  -h, --help   help for completion
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
+* [traefik-certs-dumper completion bash](traefik-certs-dumper_completion_bash.md)	 - Generate the autocompletion script for bash
+* [traefik-certs-dumper completion fish](traefik-certs-dumper_completion_fish.md)	 - Generate the autocompletion script for fish
+* [traefik-certs-dumper completion powershell](traefik-certs-dumper_completion_powershell.md)	 - Generate the autocompletion script for powershell
+* [traefik-certs-dumper completion zsh](traefik-certs-dumper_completion_zsh.md)	 - Generate the autocompletion script for zsh
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_bash.md

@@ -0,0 +1,59 @@
+## traefik-certs-dumper completion bash
+
+Generate the autocompletion script for bash
+
+### Synopsis
+
+Generate the autocompletion script for the bash shell.
+
+This script depends on the 'bash-completion' package.
+If it is not installed already, you can install it via your OS's package manager.
+
+To load completions in your current shell session:
+
+	source <(traefik-certs-dumper completion bash)
+
+To load completions for every new session, execute once:
+
+#### Linux:
+
+	traefik-certs-dumper completion bash > /etc/bash_completion.d/traefik-certs-dumper
+
+#### macOS:
+
+	traefik-certs-dumper completion bash > $(brew --prefix)/etc/bash_completion.d/traefik-certs-dumper
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion bash
+```
+
+### Options
+
+```
+  -h, --help              help for bash
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_fish.md

@@ -0,0 +1,50 @@
+## traefik-certs-dumper completion fish
+
+Generate the autocompletion script for fish
+
+### Synopsis
+
+Generate the autocompletion script for the fish shell.
+
+To load completions in your current shell session:
+
+	traefik-certs-dumper completion fish | source
+
+To load completions for every new session, execute once:
+
+	traefik-certs-dumper completion fish > ~/.config/fish/completions/traefik-certs-dumper.fish
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion fish [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for fish
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_powershell.md

@@ -0,0 +1,47 @@
+## traefik-certs-dumper completion powershell
+
+Generate the autocompletion script for powershell
+
+### Synopsis
+
+Generate the autocompletion script for powershell.
+
+To load completions in your current shell session:
+
+	traefik-certs-dumper completion powershell | Out-String | Invoke-Expression
+
+To load completions for every new session, add the output of the above command
+to your powershell profile.
+
+
+```
+traefik-certs-dumper completion powershell [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for powershell
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_completion_zsh.md

@@ -0,0 +1,61 @@
+## traefik-certs-dumper completion zsh
+
+Generate the autocompletion script for zsh
+
+### Synopsis
+
+Generate the autocompletion script for the zsh shell.
+
+If shell completion is not already enabled in your environment you will need
+to enable it.  You can execute the following once:
+
+	echo "autoload -U compinit; compinit" >> ~/.zshrc
+
+To load completions in your current shell session:
+
+	source <(traefik-certs-dumper completion zsh)
+
+To load completions for every new session, execute once:
+
+#### Linux:
+
+	traefik-certs-dumper completion zsh > "${fpath[1]}/_traefik-certs-dumper"
+
+#### macOS:
+
+	traefik-certs-dumper completion zsh > $(brew --prefix)/share/zsh/site-functions/_traefik-certs-dumper
+
+You will need to start a new shell for this setup to take effect.
+
+
+```
+traefik-certs-dumper completion zsh [flags]
+```
+
+### Options
+
+```
+  -h, --help              help for zsh
+      --no-descriptions   disable completion descriptions
+```
+
+### Options inherited from parent commands
+
+```
+      --clean              Clean destination folder before dumping content. (default true)
+      --config string      config file (default is $HOME/.traefik-certs-dumper.yaml)
+      --crt-ext string     The file extension of the generated certificates. (default ".crt")
+      --crt-name string    The file name (without extension) of the generated certificates. (default "certificate")
+      --dest string        Path to store the dump content. (default "./dump")
+      --domain-subdir      Use domain as sub-directory.
+      --key-ext string     The file extension of the generated private keys. (default ".key")
+      --key-name string    The file name (without extension) of the generated private keys. (default "privatekey")
+      --post-hook string   Execute a command only if changes occurs on the data source. (works only with the watch mode)
+      --watch              Enable watching changes.
+```
+
+### SEE ALSO
+
+* [traefik-certs-dumper completion](traefik-certs-dumper_completion.md)	 - Generate the autocompletion script for the specified shell
+
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_file.md

@@ -15,7 +15,7 @@ traefik-certs-dumper file [flags]
 ```
   -h, --help             help for file
       --source string    Path to 'acme.json' file. (default "./acme.json")
-      --version string   Traefik version. If empty use v1. Possible values: 'v2'.
+      --version string   Traefik version. If empty use v1. Possible values: 'v2', 'v3'.
 ```
 
 ### Options inherited from parent commands
@@ -37,4 +37,4 @@ traefik-certs-dumper file [flags]
 
 * [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv.md

@@ -47,4 +47,4 @@ Dump the content of a KV store.
 * [traefik-certs-dumper kv etcd](traefik-certs-dumper_kv_etcd.md)	 - Dump the content of etcd.
 * [traefik-certs-dumper kv zookeeper](traefik-certs-dumper_kv_zookeeper.md)	 - Dump the content of zookeeper.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_boltdb.md

@@ -49,4 +49,4 @@ traefik-certs-dumper kv boltdb [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_consul.md

@@ -48,4 +48,4 @@ traefik-certs-dumper kv consul [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_etcd.md

@@ -49,4 +49,4 @@ traefik-certs-dumper kv etcd [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_kv_zookeeper.md

@@ -47,4 +47,4 @@ traefik-certs-dumper kv zookeeper [flags]
 
 * [traefik-certs-dumper kv](traefik-certs-dumper_kv.md)	 - Dump the content of a KV store.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

docs/traefik-certs-dumper_version.md

@@ -2,10 +2,6 @@
 
 Display version
 
-### Synopsis
-
-Display version
-
 ```
 traefik-certs-dumper version [flags]
 ```
@@ -35,4 +31,4 @@ traefik-certs-dumper version [flags]
 
 * [traefik-certs-dumper](traefik-certs-dumper.md)	 - Dump Let's Encrypt certificates from Traefik.
 
-###### Auto generated by spf13/cobra on 9-Oct-2019
+###### Auto generated by spf13/cobra on 21-Feb-2025

dumper/file/file.go

@@ -2,76 +2,112 @@ package file
 
 import (
 	"bytes"
-	"crypto/md5"
+	"context"
+	"crypto/sha256"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
 	"log"
 	"os"
+	"path/filepath"
 	"strings"
 
-	"github.com/containous/traefik/v2/pkg/provider/acme"
 	"github.com/fsnotify/fsnotify"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
-	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
-	v2 "github.com/ldez/traefik-certs-dumper/v2/dumper/v2"
+	dumperv1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
+	dumperv2 "github.com/ldez/traefik-certs-dumper/v2/dumper/v2"
+	dumperv3 "github.com/ldez/traefik-certs-dumper/v2/dumper/v3"
 	"github.com/ldez/traefik-certs-dumper/v2/hook"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv2"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv3"
 )
 
 // Dump Dumps "acme.json" file to certificates.
-func Dump(acmeFile string, baseConfig *dumper.BaseConfig) error {
+func Dump(ctx context.Context, acmeFile string, baseConfig *dumper.BaseConfig) error {
 	err := dump(acmeFile, baseConfig)
 	if err != nil {
 		return err
 	}
 
 	if baseConfig.Watch {
-		hook.Exec(baseConfig.Hook)
+		hook.Exec(ctx, baseConfig.Hook)
 
-		return watch(acmeFile, baseConfig)
+		return watch(ctx, acmeFile, baseConfig)
 	}
+
 	return nil
 }
 
 func dump(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	if baseConfig.Version == "v2" {
+	switch baseConfig.Version {
+	case "v3":
+		err := dumpV3(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v3: dump failed: %w", err)
+		}
+
+		return nil
+
+	case "v2":
 		err := dumpV2(acmeFile, baseConfig)
 		if err != nil {
 			return fmt.Errorf("v2: dump failed: %w", err)
 		}
+
+		return nil
+
+	case "v1":
+		err := dumpV1(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v1: dump failed: %w", err)
+		}
+
+		return nil
+
+	default:
+		err := dumpV1(acmeFile, baseConfig)
+		if err != nil {
+			return fmt.Errorf("v1: dump failed: %w", err)
+		}
+
 		return nil
 	}
-
-	err := dumpV1(acmeFile, baseConfig)
-	if err != nil {
-		return fmt.Errorf("v1: dump failed: %w", err)
-	}
-	return nil
 }
 
 func dumpV1(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	data := &v1.StoredData{}
+	data := &traefikv1.StoredData{}
 	err := readJSONFile(acmeFile, data)
 	if err != nil {
 		return err
 	}
 
-	return v1.Dump(data, baseConfig)
+	return dumperv1.Dump(data, baseConfig)
 }
 
 func dumpV2(acmeFile string, baseConfig *dumper.BaseConfig) error {
-	data := map[string]*acme.StoredData{}
+	data := map[string]*traefikv2.StoredData{}
 	err := readJSONFile(acmeFile, &data)
 	if err != nil {
 		return err
 	}
 
-	return v2.Dump(data, baseConfig)
+	return dumperv2.Dump(data, baseConfig)
+}
+
+func dumpV3(acmeFile string, baseConfig *dumper.BaseConfig) error {
+	data := map[string]*traefikv3.StoredData{}
+	err := readJSONFile(acmeFile, &data)
+	if err != nil {
+		return err
+	}
+
+	return dumperv3.Dump(data, baseConfig)
 }
 
 func readJSONFile(acmeFile string, data interface{}) error {
-	source, err := os.Open(acmeFile)
+	source, err := os.Open(filepath.Clean(acmeFile))
 	if err != nil {
 		return fmt.Errorf("failed to open file %q: %w", acmeFile, err)
 	}
@@ -89,7 +125,7 @@ func readJSONFile(acmeFile string, data interface{}) error {
 	return nil
 }
 
-func watch(acmeFile string, baseConfig *dumper.BaseConfig) error {
+func watch(ctx context.Context, acmeFile string, baseConfig *dumper.BaseConfig) error {
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
 		return fmt.Errorf("failed to create new watcher: %w", err)
@@ -112,7 +148,7 @@ func watch(acmeFile string, baseConfig *dumper.BaseConfig) error {
 					log.Println("event:", event)
 				}
 
-				hash, errW := manageEvent(watcher, event, acmeFile, previousHash, baseConfig)
+				hash, errW := manageEvent(ctx, watcher, event, acmeFile, previousHash, baseConfig)
 				if errW != nil {
 					log.Println("error:", errW)
 					done <- true
@@ -143,7 +179,7 @@ func watch(acmeFile string, baseConfig *dumper.BaseConfig) error {
 	return nil
 }
 
-func manageEvent(watcher *fsnotify.Watcher, event fsnotify.Event, acmeFile string, previousHash []byte, baseConfig *dumper.BaseConfig) ([]byte, error) {
+func manageEvent(ctx context.Context, watcher *fsnotify.Watcher, event fsnotify.Event, acmeFile string, previousHash []byte, baseConfig *dumper.BaseConfig) ([]byte, error) {
 	err := manageRename(watcher, event, acmeFile)
 	if err != nil {
 		return nil, fmt.Errorf("watcher renewal failed: %w", err)
@@ -167,7 +203,7 @@ func manageEvent(watcher *fsnotify.Watcher, event fsnotify.Event, acmeFile strin
 			log.Println("Dumped new certificate data.")
 		}
 
-		hook.Exec(baseConfig.Hook)
+		hook.Exec(ctx, baseConfig.Hook)
 	}
 
 	return hash, nil
@@ -186,13 +222,13 @@ func manageRename(watcher *fsnotify.Watcher, event fsnotify.Event, acmeFile stri
 }
 
 func calculateHash(acmeFile string) ([]byte, error) {
-	file, err := os.Open(acmeFile)
+	file, err := os.Open(filepath.Clean(acmeFile))
 	if err != nil {
 		return nil, err
 	}
 	defer func() { _ = file.Close() }()
 
-	h := md5.New()
+	h := sha256.New()
 	_, err = io.Copy(h, file)
 	if err != nil {
 		return nil, err

dumper/file/file_test.go

@@ -1,8 +1,6 @@
 package file
 
 import (
-	"io/ioutil"
-	"os"
 	"testing"
 
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
@@ -28,16 +26,18 @@ func TestDump(t *testing.T) {
 			acmeFile: "./fixtures/acme-v2.json",
 			version:  "v2",
 		},
+		{
+			desc:     "should dump traefik v3 file content",
+			acmeFile: "./fixtures/acme-v3.json",
+			version:  "v3",
+		},
 	}
 
 	for _, test := range testCases {
-		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
 
-			dir, err := ioutil.TempDir("", "traefik-cert-dumper")
-			require.NoError(t, err)
-			defer func() { _ = os.RemoveAll(dir) }()
+			dir := t.TempDir()
 
 			cfg := &dumper.BaseConfig{
 				DumpPath: dir,
@@ -53,7 +53,7 @@ func TestDump(t *testing.T) {
 				Version: test.version,
 			}
 
-			err = Dump(test.acmeFile, cfg)
+			err := Dump(t.Context(), test.acmeFile, cfg)
 			require.NoError(t, err)
 		})
 	}

dumper/file/fixtures/acme-v3.json

@@ -0,0 +1,36 @@
+{
+  "default": {
+    "Account": {
+      "Email": "test@email.com",
+      "Registration": {
+        "body": {
+          "status": "valid",
+          "contact": [
+            "mailto:test@email.com"
+          ]
+        },
+        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/12345678"
+      },
+      "PrivateKey": "Q2VydGlmaWNhdGUgS2V5",
+      "KeyType": "4096"
+    },
+    "Certificates": [
+      {
+        "domain": {
+          "main": "my.domain.com"
+        },
+        "certificate": "Q2VydGlmaWNhdGU=",
+        "key": "Q2VydGlmaWNhdGUgS2V5",
+        "Store": "default"
+      },
+      {
+        "domain": {
+          "main": "my.domain2.com"
+        },
+        "certificate": "Q2VydGlmaWNhdGU=",
+        "key": "Q2VydGlmaWNhdGUgS2V5",
+        "Store": "default"
+      }
+    ]
+  }
+}

dumper/kv/config.go

@@ -1,12 +1,14 @@
 package kv
 
-import "github.com/abronan/valkeyrie/store"
+import (
+	"github.com/kvtools/valkeyrie"
+)
 
 // Config KV configuration.
 type Config struct {
-	Backend   store.Backend
+	StoreName string
 	Prefix    string
 	Suffix    string
 	Endpoints []string
-	Options   *store.Config
+	Options   valkeyrie.Config
 }

dumper/kv/convert.go

@@ -1,12 +1,12 @@
 package kv
 
 import (
-	"github.com/go-acme/lego/v3/certcrypto"
-	"github.com/go-acme/lego/v3/registration"
-	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
-// CertificateOld is used to store certificate info
+// CertificateOld is used to store certificate info.
 type CertificateOld struct {
 	Domain        string
 	CertURL       string
@@ -15,7 +15,7 @@ type CertificateOld struct {
 	Certificate   []byte
 }
 
-// AccountOld is used to store lets encrypt registration info
+// AccountOld is used to store lets encrypt registration info.
 type AccountOld struct {
 	Email              string
 	Registration       *registration.Resource
@@ -26,27 +26,27 @@ type AccountOld struct {
 	HTTPChallenge      map[string]map[string][]byte
 }
 
-// DomainsCertificates stores a certificate for multiple domains
+// DomainsCertificates stores a certificate for multiple domains.
 type DomainsCertificates struct {
 	Certs []*DomainsCertificate
 }
 
-// ChallengeCert stores a challenge certificate
+// ChallengeCert stores a challenge certificate.
 type ChallengeCert struct {
 	Certificate []byte
 	PrivateKey  []byte
 }
 
-// DomainsCertificate contains a certificate for multiple domains
+// DomainsCertificate contains a certificate for multiple domains.
 type DomainsCertificate struct {
-	Domains     v1.Domain
+	Domains     traefikv1.Domain
 	Certificate *CertificateOld
 }
 
 // convertOldAccount converts account information from old account format.
-func convertOldAccount(account *AccountOld) *v1.StoredData {
-	storedData := &v1.StoredData{
-		Account: &v1.Account{
+func convertOldAccount(account *AccountOld) *traefikv1.StoredData {
+	storedData := &traefikv1.StoredData{
+		Account: &traefikv1.Account{
 			PrivateKey:   account.PrivateKey,
 			Registration: account.Registration,
 			Email:        account.Email,
@@ -54,9 +54,9 @@ func convertOldAccount(account *AccountOld) *v1.StoredData {
 		},
 	}
 
-	var certs []*v1.Certificate
+	var certs []*traefikv1.Certificate
 	for _, oldCert := range account.DomainsCertificate.Certs {
-		certs = append(certs, &v1.Certificate{
+		certs = append(certs, &traefikv1.Certificate{
 			Certificate: oldCert.Certificate.Certificate,
 			Domain:      oldCert.Domains,
 			Key:         oldCert.Certificate.PrivateKey,

dumper/kv/kv.go

@@ -3,26 +3,28 @@ package kv
 import (
 	"bytes"
 	"compress/gzip"
+	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"os"
 	"strings"
 
-	"github.com/abronan/valkeyrie"
-	"github.com/abronan/valkeyrie/store"
+	"github.com/kvtools/valkeyrie"
+	"github.com/kvtools/valkeyrie/store"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
 	v1 "github.com/ldez/traefik-certs-dumper/v2/dumper/v1"
 	"github.com/ldez/traefik-certs-dumper/v2/hook"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
 // DefaultStoreKeySuffix is the default suffix/storage.
 const DefaultStoreKeySuffix = "/acme/account/object"
 
 // Dump Dumps KV content to certificates.
-func Dump(config *Config, baseConfig *dumper.BaseConfig) error {
-	kvStore, err := valkeyrie.NewStore(config.Backend, config.Endpoints, config.Options)
+func Dump(ctx context.Context, config *Config, baseConfig *dumper.BaseConfig) error {
+	kvStore, err := valkeyrie.NewStore(ctx, config.StoreName, config.Endpoints, config.Options)
 	if err != nil {
 		return fmt.Errorf("unable to create client of the store: %w", err)
 	}
@@ -30,10 +32,10 @@ func Dump(config *Config, baseConfig *dumper.BaseConfig) error {
 	storeKey := config.Prefix + config.Suffix
 
 	if baseConfig.Watch {
-		return watch(kvStore, storeKey, baseConfig)
+		return watch(ctx, kvStore, storeKey, baseConfig)
 	}
 
-	pair, err := kvStore.Get(storeKey, nil)
+	pair, err := kvStore.Get(ctx, storeKey, nil)
 	if err != nil {
 		return fmt.Errorf("unable to retrieve %s value: %w", storeKey, err)
 	}
@@ -41,10 +43,8 @@ func Dump(config *Config, baseConfig *dumper.BaseConfig) error {
 	return dumpPair(pair, baseConfig)
 }
 
-func watch(kvStore store.Store, storeKey string, baseConfig *dumper.BaseConfig) error {
-	stopCh := make(<-chan struct{})
-
-	pairs, err := kvStore.Watch(storeKey, stopCh, nil)
+func watch(ctx context.Context, kvStore store.Store, storeKey string, baseConfig *dumper.BaseConfig) error {
+	pairs, err := kvStore.Watch(ctx, storeKey, nil)
 	if err != nil {
 		return err
 	}
@@ -64,7 +64,7 @@ func watch(kvStore store.Store, storeKey string, baseConfig *dumper.BaseConfig)
 			log.Println("Dumped new certificate data.")
 		}
 
-		hook.Exec(baseConfig.Hook)
+		hook.Exec(ctx, baseConfig.Hook)
 	}
 }
 
@@ -77,18 +77,19 @@ func dumpPair(pair *store.KVPair, baseConfig *dumper.BaseConfig) error {
 	return v1.Dump(data, baseConfig)
 }
 
-func getStoredDataFromGzip(pair *store.KVPair) (*v1.StoredData, error) {
+func getStoredDataFromGzip(pair *store.KVPair) (*traefikv1.StoredData, error) {
 	reader, err := gzip.NewReader(bytes.NewBuffer(pair.Value))
 	if err != nil {
 		return nil, fmt.Errorf("fail to create GZip reader: %w", err)
 	}
 
-	acmeData, err := ioutil.ReadAll(reader)
+	acmeData, err := io.ReadAll(reader)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read the pair content: %w", err)
 	}
 
 	account := &AccountOld{}
+	//nolint:musttag // old format
 	if err := json.Unmarshal(acmeData, &account); err != nil {
 		return nil, fmt.Errorf("unable marshal AccountOld: %w", err)
 	}

dumper/v1/dumper.go

@@ -3,12 +3,12 @@ package v1
 import (
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
-	"github.com/go-acme/lego/v3/certcrypto"
+	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv1"
 )
 
 const (
@@ -17,7 +17,7 @@ const (
 )
 
 // Dump Dumps data to certificates.
-func Dump(data *StoredData, baseConfig *dumper.BaseConfig) error {
+func Dump(data *traefikv1.StoredData, baseConfig *dumper.BaseConfig) error {
 	if baseConfig.Clean {
 		err := cleanDir(baseConfig.DumpPath)
 		if err != nil {
@@ -26,12 +26,12 @@ func Dump(data *StoredData, baseConfig *dumper.BaseConfig) error {
 	}
 
 	if !baseConfig.DomainSubDir {
-		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0o755); err != nil {
 			return fmt.Errorf("certs folder creation failure: %w", err)
 		}
 	}
 
-	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0o755); err != nil {
 		return fmt.Errorf("keys folder creation failure: %w", err)
 	}
 
@@ -52,34 +52,34 @@ func Dump(data *StoredData, baseConfig *dumper.BaseConfig) error {
 	}
 
 	privateKeyPem := extractPEMPrivateKey(data.Account)
-	return ioutil.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0600)
+	return os.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0o600)
 }
 
-func writeCert(dumpPath string, cert *Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeCert(dumpPath string, cert *traefikv1.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
-		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
 			return err
 		}
 	}
 
-	return ioutil.WriteFile(certPath, cert.Certificate, 0666)
+	return os.WriteFile(certPath, cert.Certificate, 0o666)
 }
 
-func writeKey(dumpPath string, cert *Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeKey(dumpPath string, cert *traefikv1.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
-		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
 			return err
 		}
 	}
 
-	return ioutil.WriteFile(keyPath, cert.Key, 0600)
+	return os.WriteFile(keyPath, cert.Key, 0o600)
 }
 
-func extractPEMPrivateKey(account *Account) []byte {
+func extractPEMPrivateKey(account *traefikv1.Account) []byte {
 	var block *pem.Block
 	switch account.KeyType {
 	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
@@ -93,7 +93,7 @@ func extractPEMPrivateKey(account *Account) []byte {
 			Bytes: account.PrivateKey,
 		}
 	default:
-		panic("unsupported key type")
+		panic(fmt.Sprintf("unsupported key type: '%v'", account.KeyType))
 	}
 
 	return pem.EncodeToMemory(block)
@@ -109,7 +109,7 @@ func cleanDir(dumpPath string) error {
 		return errExists
 	}
 
-	dir, err := ioutil.ReadDir(dumpPath)
+	dir, err := os.ReadDir(dumpPath)
 	if err != nil {
 		return err
 	}

dumper/v1/filename.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package v1

dumper/v2/dumper.go

@@ -3,13 +3,12 @@ package v2
 import (
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 
-	"github.com/containous/traefik/v2/pkg/provider/acme"
-	"github.com/go-acme/lego/v3/certcrypto"
+	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/ldez/traefik-certs-dumper/v2/dumper"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv2"
 )
 
 const (
@@ -18,7 +17,7 @@ const (
 )
 
 // Dump Dumps data to certificates.
-func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error {
+func Dump(data map[string]*traefikv2.StoredData, baseConfig *dumper.BaseConfig) error {
 	if baseConfig.Clean {
 		err := cleanDir(baseConfig.DumpPath)
 		if err != nil {
@@ -27,12 +26,12 @@ func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error
 	}
 
 	if !baseConfig.DomainSubDir {
-		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0o755); err != nil {
 			return fmt.Errorf("certs folder creation failure: %w", err)
 		}
 	}
 
-	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0755); err != nil {
+	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0o755); err != nil {
 		return fmt.Errorf("keys folder creation failure: %w", err)
 	}
 
@@ -55,7 +54,7 @@ func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error
 
 		privateKeyPem := extractPEMPrivateKey(store.Account)
 
-		err := ioutil.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0600)
+		err := os.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0o600)
 		if err != nil {
 			return fmt.Errorf("failed to write private key: %w", err)
 		}
@@ -64,31 +63,31 @@ func Dump(data map[string]*acme.StoredData, baseConfig *dumper.BaseConfig) error
 	return nil
 }
 
-func writeCert(dumpPath string, cert acme.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeCert(dumpPath string, cert traefikv2.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
-		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
 			return err
 		}
 	}
 
-	return ioutil.WriteFile(certPath, cert.Certificate, 0666)
+	return os.WriteFile(certPath, cert.Certificate, 0o666)
 }
 
-func writeKey(dumpPath string, cert acme.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+func writeKey(dumpPath string, cert traefikv2.Certificate, info dumper.FileInfo, domainSubDir bool) error {
 	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
 	if domainSubDir {
 		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
-		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0755); err != nil {
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
 			return err
 		}
 	}
 
-	return ioutil.WriteFile(keyPath, cert.Key, 0600)
+	return os.WriteFile(keyPath, cert.Key, 0o600)
 }
 
-func extractPEMPrivateKey(account *acme.Account) []byte {
+func extractPEMPrivateKey(account *traefikv2.Account) []byte {
 	var block *pem.Block
 	switch account.KeyType {
 	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
@@ -102,7 +101,7 @@ func extractPEMPrivateKey(account *acme.Account) []byte {
 			Bytes: account.PrivateKey,
 		}
 	default:
-		panic("unsupported key type")
+		panic(fmt.Sprintf("unsupported key type: '%v'", account.KeyType))
 	}
 
 	return pem.EncodeToMemory(block)
@@ -118,7 +117,7 @@ func cleanDir(dumpPath string) error {
 		return errExists
 	}
 
-	dir, err := ioutil.ReadDir(dumpPath)
+	dir, err := os.ReadDir(dumpPath)
 	if err != nil {
 		return err
 	}

dumper/v2/filename.go

@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package v2

dumper/v3/dumper.go

@@ -0,0 +1,132 @@
+package v3
+
+import (
+	"encoding/pem"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/ldez/traefik-certs-dumper/v2/dumper"
+	"github.com/ldez/traefik-certs-dumper/v2/internal/traefikv3"
+)
+
+const (
+	certsSubDir = "certs"
+	keysSubDir  = "private"
+)
+
+// Dump Dumps data to certificates.
+func Dump(data map[string]*traefikv3.StoredData, baseConfig *dumper.BaseConfig) error {
+	if baseConfig.Clean {
+		err := cleanDir(baseConfig.DumpPath)
+		if err != nil {
+			return fmt.Errorf("folder cleaning failed: %w", err)
+		}
+	}
+
+	if !baseConfig.DomainSubDir {
+		if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, certsSubDir), 0o755); err != nil {
+			return fmt.Errorf("certs folder creation failure: %w", err)
+		}
+	}
+
+	if err := os.MkdirAll(filepath.Join(baseConfig.DumpPath, keysSubDir), 0o755); err != nil {
+		return fmt.Errorf("keys folder creation failure: %w", err)
+	}
+
+	for _, store := range data {
+		for _, cert := range store.Certificates {
+			err := writeCert(baseConfig.DumpPath, cert.Certificate, baseConfig.CrtInfo, baseConfig.DomainSubDir)
+			if err != nil {
+				return fmt.Errorf("failed to write certificates: %w", err)
+			}
+
+			err = writeKey(baseConfig.DumpPath, cert.Certificate, baseConfig.KeyInfo, baseConfig.DomainSubDir)
+			if err != nil {
+				return fmt.Errorf("failed to write certificate keys: %w", err)
+			}
+		}
+
+		if store.Account == nil {
+			continue
+		}
+
+		privateKeyPem := extractPEMPrivateKey(store.Account)
+
+		err := os.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0o600)
+		if err != nil {
+			return fmt.Errorf("failed to write private key: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func writeCert(dumpPath string, cert traefikv3.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+	certPath := filepath.Join(dumpPath, certsSubDir, safeName(cert.Domain.Main+info.Ext))
+	if domainSubDir {
+		certPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
+			return err
+		}
+	}
+
+	return os.WriteFile(certPath, cert.Certificate, 0o666)
+}
+
+func writeKey(dumpPath string, cert traefikv3.Certificate, info dumper.FileInfo, domainSubDir bool) error {
+	keyPath := filepath.Join(dumpPath, keysSubDir, safeName(cert.Domain.Main+info.Ext))
+	if domainSubDir {
+		keyPath = filepath.Join(dumpPath, safeName(cert.Domain.Main), info.Name+info.Ext)
+		if err := os.MkdirAll(filepath.Join(dumpPath, safeName(cert.Domain.Main)), 0o755); err != nil {
+			return err
+		}
+	}
+
+	return os.WriteFile(keyPath, cert.Key, 0o600)
+}
+
+func extractPEMPrivateKey(account *traefikv3.Account) []byte {
+	var block *pem.Block
+	switch account.KeyType {
+	case certcrypto.RSA2048, certcrypto.RSA4096, certcrypto.RSA8192:
+		block = &pem.Block{
+			Type:  "RSA PRIVATE KEY",
+			Bytes: account.PrivateKey,
+		}
+	case certcrypto.EC256, certcrypto.EC384:
+		block = &pem.Block{
+			Type:  "EC PRIVATE KEY",
+			Bytes: account.PrivateKey,
+		}
+	default:
+		panic(fmt.Sprintf("unsupported key type: '%v'", account.KeyType))
+	}
+
+	return pem.EncodeToMemory(block)
+}
+
+func cleanDir(dumpPath string) error {
+	_, errExists := os.Stat(dumpPath)
+	if os.IsNotExist(errExists) {
+		return nil
+	}
+
+	if errExists != nil {
+		return errExists
+	}
+
+	dir, err := os.ReadDir(dumpPath)
+	if err != nil {
+		return err
+	}
+
+	for _, f := range dir {
+		if err := os.RemoveAll(filepath.Join(dumpPath, f.Name())); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

dumper/v3/filename.go

@@ -0,0 +1,8 @@
+//go:build !windows
+// +build !windows
+
+package v3
+
+func safeName(filename string) string {
+	return filename
+}

dumper/v3/filename_windows.go

@@ -0,0 +1,10 @@
+//go:build windows
+// +build windows
+
+package v3
+
+import "strings"
+
+func safeName(filename string) string {
+	return strings.ReplaceAll(filename, "*", "_")
+}

go.mod

@@ -1,33 +1,90 @@
 module github.com/ldez/traefik-certs-dumper/v2
 
-go 1.12
+go 1.24.0
 
 require (
-	github.com/abronan/valkeyrie v0.0.0-20191010124425-1ae9442de16e
-	github.com/containous/traefik/v2 v2.1.1
-	github.com/fsnotify/fsnotify v1.4.8-0.20190312181446-1485a34d5d57
-	github.com/go-acme/lego/v3 v3.2.0
+	github.com/charmbracelet/lipgloss v1.0.0
+	github.com/fsnotify/fsnotify v1.9.0
+	github.com/go-acme/lego/v4 v4.25.2
+	github.com/kvtools/boltdb v1.0.2
+	github.com/kvtools/consul v1.0.2
+	github.com/kvtools/etcdv2 v1.0.2
+	github.com/kvtools/etcdv3 v1.0.2
+	github.com/kvtools/valkeyrie v1.0.0
+	github.com/kvtools/zookeeper v1.0.2
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/spf13/cobra v0.0.5
-	github.com/spf13/viper v1.6.1
-	github.com/stretchr/testify v1.4.0
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/viper v1.19.0
+	github.com/stretchr/testify v1.10.0
 )
 
-// related to valkeyrie
-replace github.com/hashicorp/consul => github.com/hashicorp/consul v1.6.0
-
-// related to Traefik
-replace (
-	github.com/Azure/go-autorest => github.com/Azure/go-autorest v12.4.1+incompatible
-	github.com/docker/docker => github.com/docker/engine v0.0.0-20190725163905-fa8dd90ceb7b
+require (
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
+	github.com/charmbracelet/x/ansi v0.4.2 // indirect
+	github.com/coreos/go-semver v0.3.1 // indirect
+	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.7 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/fatih/color v1.18.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.1 // indirect
+	github.com/go-zookeeper/zk v1.0.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/hashicorp/consul/api v1.28.2 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-hclog v1.6.3 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-metrics v0.5.4 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/golang-lru v1.0.2 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/serf v0.10.2 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/magiconair/properties v1.8.9 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	go.etcd.io/bbolt v1.3.6 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.14 // indirect
+	go.etcd.io/etcd/client/v2 v2.305.12 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.14 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.40.0 // indirect
+	golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
+	golang.org/x/net v0.42.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/grpc v1.73.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-// related to Traefik: Containous forks
-replace (
-	github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20180112153951-65b0cdae8d7f
-	github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
-	github.com/gorilla/mux => github.com/containous/mux v0.0.0-20181024131434-c33f32e26898
-	github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
-	github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba
-	github.com/rancher/go-rancher-metadata => github.com/containous/go-rancher-metadata v0.0.0-20190402144056-c6a65f8b7a28
-)
+exclude github.com/tencentcloud/tencentcloud-sdk-go v3.0.83+incompatible

hook/hook.go

@@ -11,21 +11,21 @@ import (
 )
 
 // Exec Execute a command on a go routine.
-func Exec(command string) {
+func Exec(ctx context.Context, command string) {
 	if command == "" {
 		return
 	}
 
 	go func() {
-		errH := execute(command)
+		errH := execute(ctx, command)
 		if errH != nil {
 			panic(errH)
 		}
 	}()
 }
 
-func execute(command string) error {
-	ctxCmd, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+func execute(ctx context.Context, command string) error {
+	ctxCmd, cancel := context.WithTimeout(ctx, 30*time.Second)
 	defer cancel()
 
 	parts := strings.Fields(os.ExpandEnv(command))
@@ -34,7 +34,7 @@ func execute(command string) error {
 		fmt.Println(string(output))
 	}
 
-	if ctxCmd.Err() == context.DeadlineExceeded {
+	if errors.Is(ctxCmd.Err(), context.DeadlineExceeded) {
 		return errors.New("hook timed out")
 	}
 

hook/hook_test.go

@@ -1,6 +1,8 @@
 package hook
 
-import "testing"
+import (
+	"testing"
+)
 
 func Test_execute(t *testing.T) {
 	testCases := []struct {
@@ -19,7 +21,7 @@ func Test_execute(t *testing.T) {
 
 	for _, test := range testCases {
 		t.Run(test.desc, func(t *testing.T) {
-			err := execute(test.command)
+			err := execute(t.Context(), test.command)
 			if err != nil {
 				t.Fatal(err)
 			}

integrationtest/loader.go

@@ -3,16 +3,17 @@ package main
 import (
 	"bytes"
 	"compress/gzip"
-	"io/ioutil"
+	"context"
 	"log"
+	"os"
+	"path/filepath"
 	"time"
 
-	"github.com/abronan/valkeyrie"
-	"github.com/abronan/valkeyrie/store"
-	"github.com/abronan/valkeyrie/store/boltdb"
-	"github.com/abronan/valkeyrie/store/consul"
-	etcdv3 "github.com/abronan/valkeyrie/store/etcd/v3"
-	"github.com/abronan/valkeyrie/store/zookeeper"
+	"github.com/kvtools/boltdb"
+	"github.com/kvtools/consul"
+	"github.com/kvtools/etcdv3"
+	"github.com/kvtools/valkeyrie"
+	"github.com/kvtools/zookeeper"
 )
 
 const storeKey = "traefik/acme/account/object"
@@ -21,38 +22,43 @@ func main() {
 	log.SetFlags(log.Lshortfile)
 
 	source := "./acme.json"
-	err := loadData(source)
+	err := loadData(context.Background(), source)
 	if err != nil {
 		log.Fatal(err)
 	}
 }
 
-func loadData(source string) error {
+func loadData(ctx context.Context, source string) error {
 	content, err := readFile(source)
 	if err != nil {
 		return err
 	}
 
 	// Consul
-	err = putData(store.CONSUL, []string{"localhost:8500"}, content)
+
+	err = putData(ctx, consul.StoreName, []string{"localhost:8500"},
+		&consul.Config{ConnectionTimeout: 3 * time.Second}, content)
 	if err != nil {
 		return err
 	}
 
 	// ETCD v3
-	err = putData(store.ETCDV3, []string{"localhost:2379"}, content)
+	err = putData(ctx, etcdv3.StoreName, []string{"localhost:2379"},
+		&etcdv3.Config{ConnectionTimeout: 3 * time.Second}, content)
 	if err != nil {
 		return err
 	}
 
 	// Zookeeper
-	err = putData(store.ZK, []string{"localhost:2181"}, content)
+	err = putData(ctx, zookeeper.StoreName, []string{"localhost:2181"},
+		&zookeeper.Config{ConnectionTimeout: 3 * time.Second}, content)
 	if err != nil {
 		return err
 	}
 
 	// BoltDB
-	err = putData(store.BOLTDB, []string{"/tmp/test-traefik-certs-dumper.db"}, content)
+	err = putData(ctx, boltdb.StoreName, []string{"/tmp/test-traefik-certs-dumper.db"},
+		&boltdb.Config{ConnectionTimeout: 3 * time.Second, Bucket: "traefik"}, content)
 	if err != nil {
 		return err
 	}
@@ -60,29 +66,13 @@ func loadData(source string) error {
 	return nil
 }
 
-func putData(backend store.Backend, addrs []string, content []byte) error {
-	storeConfig := &store.Config{
-		ConnectionTimeout: 3 * time.Second,
-		Bucket:            "traefik",
-	}
-
-	switch backend {
-	case store.CONSUL:
-		consul.Register()
-	case store.ETCDV3:
-		etcdv3.Register()
-	case store.ZK:
-		zookeeper.Register()
-	case store.BOLTDB:
-		boltdb.Register()
-	}
-
-	kvStore, err := valkeyrie.NewStore(backend, addrs, storeConfig)
+func putData(ctx context.Context, backend string, addrs []string, options valkeyrie.Config, content []byte) error {
+	kvStore, err := valkeyrie.NewStore(ctx, backend, addrs, options)
 	if err != nil {
 		return err
 	}
 
-	if err := kvStore.Put(storeKey, content, nil); err != nil {
+	if err := kvStore.Put(ctx, storeKey, content, nil); err != nil {
 		return err
 	}
 
@@ -91,7 +81,7 @@ func putData(backend store.Backend, addrs []string, content []byte) error {
 }
 
 func readFile(source string) ([]byte, error) {
-	content, err := ioutil.ReadFile(source)
+	content, err := os.ReadFile(filepath.Clean(source))
 	if err != nil {
 		return nil, err
 	}

internal/traefikv1/acme.go

@@ -1,11 +1,11 @@
-package v1
+package traefikv1
 
 import (
-	"github.com/go-acme/lego/v3/certcrypto"
-	"github.com/go-acme/lego/v3/registration"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
 )
 
-// StoredData represents the data managed by the Store
+// StoredData represents the data managed by the Store.
 type StoredData struct {
 	Account        *Account
 	Certificates   []*Certificate
@@ -13,20 +13,20 @@ type StoredData struct {
 	TLSChallenges  map[string]*Certificate
 }
 
-// Certificate is a struct which contains all data needed from an ACME certificate
+// Certificate is a struct which contains all data needed from an ACME certificate.
 type Certificate struct {
 	Domain      Domain
 	Certificate []byte
 	Key         []byte
 }
 
-// Domain holds a domain name with SANs
+// Domain holds a domain name with SANs.
 type Domain struct {
 	Main string
 	SANs []string
 }
 
-// Account is used to store lets encrypt registration info
+// Account is used to store lets encrypt registration info.
 type Account struct {
 	Email        string
 	Registration *registration.Resource

internal/traefikv2/acme.go

@@ -0,0 +1,101 @@
+package traefikv2
+
+import (
+	"crypto"
+	"crypto/x509"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+// StoredData represents the data managed by Store.
+type StoredData struct {
+	Account      *Account
+	Certificates []*CertAndStore
+}
+
+// Account is used to store lets encrypt registration info.
+type Account struct {
+	Email        string
+	Registration *registration.Resource
+	PrivateKey   []byte
+	KeyType      certcrypto.KeyType
+}
+
+// GetEmail returns email.
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource.
+func (a *Account) GetRegistration() *registration.Resource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key.
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
+	if err != nil {
+		return nil
+	}
+
+	return privateKey
+}
+
+// CertAndStore allows mapping a TLS certificate to a TLS store.
+type CertAndStore struct {
+	Certificate
+	Store string
+}
+
+// Certificate is a struct which contains all data needed from an ACME certificate.
+type Certificate struct {
+	Domain      Domain `json:"domain,omitempty" toml:"domain,omitempty" yaml:"domain,omitempty"`
+	Certificate []byte `json:"certificate,omitempty" toml:"certificate,omitempty" yaml:"certificate,omitempty"`
+	Key         []byte `json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty"`
+}
+
+// Domain holds a domain name with SANs.
+type Domain struct {
+	// Main defines the main domain name.
+	Main string `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// SANs defines the subject alternative domain names.
+	SANs []string `description:"Subject alternative names." json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty"`
+}
+
+// ToStrArray convert a domain into an array of strings.
+func (d *Domain) ToStrArray() []string {
+	var domains []string
+	if d.Main != "" {
+		domains = []string{d.Main}
+	}
+	return append(domains, d.SANs...)
+}
+
+// Set sets a domains from an array of strings.
+func (d *Domain) Set(domains []string) {
+	if len(domains) > 0 {
+		d.Main = domains[0]
+		d.SANs = domains[1:]
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (d *Domain) DeepCopyInto(out *Domain) {
+	*out = *d
+	if d.SANs != nil {
+		in, out := &d.SANs, &out.SANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Domain.
+func (d *Domain) DeepCopy() *Domain {
+	if d == nil {
+		return nil
+	}
+	out := new(Domain)
+	d.DeepCopyInto(out)
+	return out
+}

internal/traefikv3/acme.go

@@ -0,0 +1,101 @@
+package traefikv3
+
+import (
+	"crypto"
+	"crypto/x509"
+
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/registration"
+)
+
+// StoredData represents the data managed by Store.
+type StoredData struct {
+	Account      *Account
+	Certificates []*CertAndStore
+}
+
+// Account is used to store lets encrypt registration info.
+type Account struct {
+	Email        string
+	Registration *registration.Resource
+	PrivateKey   []byte
+	KeyType      certcrypto.KeyType
+}
+
+// GetEmail returns email.
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource.
+func (a *Account) GetRegistration() *registration.Resource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key.
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey)
+	if err != nil {
+		return nil
+	}
+
+	return privateKey
+}
+
+// CertAndStore allows mapping a TLS certificate to a TLS store.
+type CertAndStore struct {
+	Certificate
+	Store string
+}
+
+// Certificate is a struct which contains all data needed from an ACME certificate.
+type Certificate struct {
+	Domain      Domain `json:"domain,omitempty" toml:"domain,omitempty" yaml:"domain,omitempty"`
+	Certificate []byte `json:"certificate,omitempty" toml:"certificate,omitempty" yaml:"certificate,omitempty"`
+	Key         []byte `json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty"`
+}
+
+// Domain holds a domain name with SANs.
+type Domain struct {
+	// Main defines the main domain name.
+	Main string `description:"Default subject name." json:"main,omitempty" toml:"main,omitempty" yaml:"main,omitempty"`
+	// SANs defines the subject alternative domain names.
+	SANs []string `description:"Subject alternative names." json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty"`
+}
+
+// ToStrArray convert a domain into an array of strings.
+func (d *Domain) ToStrArray() []string {
+	var domains []string
+	if d.Main != "" {
+		domains = []string{d.Main}
+	}
+	return append(domains, d.SANs...)
+}
+
+// Set sets a domains from an array of strings.
+func (d *Domain) Set(domains []string) {
+	if len(domains) > 0 {
+		d.Main = domains[0]
+		d.SANs = domains[1:]
+	}
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (d *Domain) DeepCopyInto(out *Domain) {
+	*out = *d
+	if d.SANs != nil {
+		in, out := &d.SANs, &out.SANs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Domain.
+func (d *Domain) DeepCopy() *Domain {
+	if d == nil {
+		return nil
+	}
+	out := new(Domain)
+	d.DeepCopyInto(out)
+	return out
+}

readme.md

@@ -1,13 +1,13 @@
 # traefik-certs-dumper
 
 [![GitHub release](https://img.shields.io/github/release/ldez/traefik-certs-dumper.svg)](https://github.com/ldez/traefik-certs-dumper/releases/latest)
-[![Build Status](https://travis-ci.org/ldez/traefik-certs-dumper.svg?branch=master)](https://travis-ci.org/ldez/traefik-certs-dumper)
-[![Docker Information](https://images.microbadger.com/badges/image/ldez/traefik-certs-dumper.svg)](https://hub.docker.com/r/ldez/traefik-certs-dumper/)
+[![Build Status](https://github.com/ldez/traefik-certs-dumper/workflows/Main/badge.svg?branch=master)](https://github.com/ldez/traefik-certs-dumper/actions)
+[![Docker Image Version (latest semver)](https://img.shields.io/docker/v/ldez/traefik-certs-dumper)](https://hub.docker.com/r/ldez/traefik-certs-dumper/)
 [![Go Report Card](https://goreportcard.com/badge/github.com/ldez/traefik-certs-dumper)](https://goreportcard.com/report/github.com/ldez/traefik-certs-dumper)
 
 If you appreciate this project:
 
-[![Say Thanks!](https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg?style=for-the-badge)](https://saythanks.io/to/ldez)
+[![Sponsor](https://img.shields.io/badge/Sponsor%20me-%E2%9D%A4%EF%B8%8F-pink)](https://github.com/sponsors/ldez)
 
 ## Features
 
@@ -18,16 +18,17 @@ If you appreciate this project:
     - from file ("acme.json")
     - from KV stores (Consul, Etcd, Zookeeper)
 - Output formats:
-    - use domain as sub-directory (allow custom names and extensions)
+    - use domain as subdirectory (allow custom names and extensions)
     - flat (domain as filename)
 - Hook (only with watch mode and if the data source changes)
+- Support Traefik v1, v2, and v3.
 
 ## Installation
 
 ### Download / CI Integration
 
 ```bash
-curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $GOPATH/bin v2.7.0
+curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $(go env GOPATH)/bin v2.9.3
 ```
 
 <!--
@@ -56,6 +57,12 @@ You can use pre-compiled binaries:
 docker run ldez/traefik-certs-dumper:<tag_name>
 ```
 
+Examples:
+
+- Traefik v1: [docker-compose](docs/docker-compose-traefik-v1.yml)
+- Traefik v2: [docker-compose](docs/docker-compose-traefik-v2.yml)
+- Traefik v3: TODO
+
 ## Usage
 
 - [traefik-certs-dumper](docs/traefik-certs-dumper.md)
@@ -67,7 +74,7 @@ docker run ldez/traefik-certs-dumper:<tag_name>
 ### Simple Dump
 
 ```console
-$ traefik-certs-dumper file
+$ traefik-certs-dumper file --version v3
 dump
 ├──certs
 │  └──my.domain.com.key
@@ -79,7 +86,7 @@ dump
 ### Change source and destination
 
 ```console
-$ traefik-certs-dumper file --source ./acme.json --dest ./dump/test
+$ traefik-certs-dumper file --version v3 --source ./acme.json --dest ./dump/test
 test
 ├──certs
 │  └──my.domain.com.key
@@ -91,7 +98,7 @@ test
 ### Use domain as sub-directory
 
 ```console
-$ traefik-certs-dumper file --domain-subdir=true
+$ traefik-certs-dumper file --version v3 --domain-subdir=true
 dump
 ├──my.domain.com
 │  ├──certificate.crt
@@ -103,7 +110,7 @@ dump
 #### Change file extension
 
 ```console
-$ traefik-certs-dumper file --domain-subdir --crt-ext=.pem --key-ext=.pem
+$ traefik-certs-dumper file --version v3 --domain-subdir --crt-ext=.pem --key-ext=.pem
 dump
 ├──my.domain.com
 │  ├──certificate.pem
@@ -115,7 +122,7 @@ dump
 #### Change file name
 
 ```console
-$ traefik-certs-dumper file --domain-subdir --crt-name=fullchain --key-name=privkey
+$ traefik-certs-dumper file --version v3 --domain-subdir --crt-name=fullchain --key-name=privkey
 dump
 ├──my.domain.com
 │  ├──fullchain.crt
@@ -124,6 +131,37 @@ dump
    └──letsencrypt.key
 ```
 
+## Hook
+
+Hook can be a one-liner passed as a string, or a file for more complex post-hook scenarios.
+For the former, create a file (ex: `hook.sh`) and mount it, then pass `sh hooksh` as a parameter to `--post-hook`.
+
+Here is a docker-compose example:
+
+```yml
+services:
+# ...
+
+  traefik-certs-dumper:
+    image: ldez/traefik-certs-dumper:v2.9.3
+    container_name: traefik-certs-dumper
+    entrypoint: sh -c '
+      while ! [ -e /data/acme.json ]
+      || ! [ `jq ".[] | .Certificates | length" /data/acme.json | jq -s "add" ` != 0 ]; do
+      sleep 1
+      ; done
+      && traefik-certs-dumper file --version v2 --watch
+        --source /data/acme.json --dest /data/certs
+        --post-hook "sh /hook.sh"'
+    labels:
+      traefik.enable: false
+    volumes:
+      - ./letsencrypt:/data
+      - ./hook.sh:/hook.sh
+
+# ...
+```
+
 ### KV store
 
 #### Consul
@@ -149,5 +187,3 @@ $ traefik-certs-dumper kv boltdb --endpoints /the/path/to/mydb.db
 ```console
 $ traefik-certs-dumper kv zookeeper --endpoints localhost:2181
 ```
-
-

tmpl.Dockerfile

@@ -1,24 +0,0 @@
-FROM golang:1-alpine as builder
-
-RUN apk --update upgrade \
-    && apk --no-cache --no-progress add git make gcc musl-dev ca-certificates tzdata
-
-WORKDIR /go/src/github.com/ldez/traefik-certs-dumper
-
-ENV GO111MODULE on
-COPY go.mod go.sum ./
-RUN go mod download
-
-COPY . .
-RUN GOARCH={{ .GoARCH }} GOARM={{ .GoARM }} make build
-
-FROM {{ .RuntimeImage }}
-
-# Not supported for multi-arch without Buildkit or QEMU
-#RUN apk --update upgrade \
-#    && apk --no-cache --no-progress add ca-certificates
-
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=builder /go/src/github.com/ldez/traefik-certs-dumper/traefik-certs-dumper /usr/bin/traefik-certs-dumper
-
-ENTRYPOINT ["/usr/bin/traefik-certs-dumper"]