Dump ACME data from Traefik to certificates

Go to file

Stephan Müller e9523f05ca fix quotation marks		2019-04-19 22:51:24 +02:00
.gitignore	chore: ignore binary.	2019-02-11 12:34:33 +01:00
.golangci.toml	chore: update golangci-lint.	2019-02-18 14:34:40 +01:00
.goreleaser.yml	chore: change name_template.	2019-04-04 21:21:51 +02:00
.travis.yml	chore: fix flaky CI.	2019-02-20 11:01:17 +01:00
acme.go	fix some errors & add CLI options & extend readme	2019-04-19 19:10:53 +02:00
Dockerfile	chore: Adds a Dockerfile.	2019-02-24 14:52:12 +01:00
dumper.go	fix some errors & add CLI options & extend readme	2019-04-19 19:10:53 +02:00
file.go	fix some errors & add CLI options & extend readme	2019-04-19 19:10:53 +02:00
go.mod	restructure project & ad support for file watch & abstract backends	2019-04-19 19:10:52 +02:00
go.sum	restructure project & ad support for file watch & abstract backends	2019-04-19 19:10:52 +02:00
godownloader.sh	chore: adds download script.	2019-04-04 21:29:26 +02:00
kv.go	fix some errors & add CLI options & extend readme	2019-04-19 19:10:53 +02:00
LICENSE	chore: adds License.	2019-02-11 05:29:33 +01:00
main.go	fix quotation marks	2019-04-19 22:51:24 +02:00
Makefile	chore: adds makefile and linter.	2019-02-11 05:29:04 +01:00
readme.md	fix quotation marks	2019-04-19 22:51:24 +02:00
version.go	feat: Birth.	2019-02-11 12:07:06 +01:00

readme.md

traefik-certs-dumper

Installation

Download / CI Integration

curl -sfL https://raw.githubusercontent.com/ldez/traefik-certs-dumper/master/godownloader.sh | bash -s -- -b $GOPATH/bin v1.5.0

From Binaries

You can use pre-compiled binaries:

To get the binary just download the latest release for your OS/Arch from the releases page
Unzip the archive.
Add traefik-certs-dumper in your PATH.

From Docker

docker run ldez/traefik-certs-dumper:<tag_name>

Usage

Dump ACME data from Traefik of different storage backends to certificates.

Usage:
  traefik-certs-dumper [command]

Available Commands:
  dump        Dump Let's Encrypt certificates from Traefik
  help        Help about any command
  version     Display version

Flags:
  -h, --help      help for traefik-certs-dumper
      --version   version for traefik-certs-dumper

Use "traefik-certs-dumper [command] --help" for more information about a command.

Dump ACME data from Traefik of different storage backends to certificates.

Usage:
  traefik-certs-dumper dump [flags]

Flags:
      --crt-ext string                        The file extension of the generated certificates. (default ".crt")
      --crt-name string                       The file name (without extension) of the generated certificates. (default "certificate")
      --dest string                           Path to store the dump content. (default "./dump")
      --domain-subdir                         Use domain as sub-directory.
  -h, --help                                  help for dump
      --key-ext string                        The file extension of the generated private keys. (default ".key")
      --key-name string                       The file name (without extension) of the generated private keys. (default "privatekey")
      --source string                         Source type, one of 'file', 'consul', 'etcd', 'zookeeper', 'boltdb'. Options for each source type are prefixed with 'source.<type>'. (default "file")
      --source.file string                    Path to 'acme.json' for file source. (default "./acme.json")
      --source.kv.boltdb.bucket string        Bucket for boltdb. (default "traefik")
      --source.kv.boltdb.persist-connection   Persist connection for boltdb.
      --source.kv.connection-timeout int      Connection timeout in seconds.
      --source.kv.consul.token string         Token for consul.
      --source.kv.endpoints string            Comma seperated list of endpoints. (default "localhost:8500")
      --source.kv.etcd.sync-period int        Sync period for etcd in seconds.
      --source.kv.password string             Password for connection.
      --source.kv.tls.ca-cert-file string     Root CA file for certificate verification if TLS is enabled.
      --source.kv.tls.enable                  Enable TLS encryption.
      --source.kv.tls.insecureskipverify      Trust unverified certificates if TLS is enabled.
      --source.kv.username string             Username for connection.
      --watch                                 Enable watching changes.

Examples

Simple Dump

$ traefik-certs-dumper dump
dump
├──certs
│  └──my.domain.com.key
└──private
   ├──my.domain.com.crt
   └──letsencrypt.key

Enabled watching

$ traefik-certs-dumper dump --watch
2019/04/19 16:56:34 wrote new configuration
dump
├──certs
│  └──my.domain.com.key
└──private
   ├──my.domain.com.crt
   └──letsencrypt.key
2019/04/19 16:57:14 wrote new configuration
dump
├──certs
│  └──my.domain.com.key
└──private
   ├──my.domain.com.crt
   └──letsencrypt.key

Consul backend

$ traefik-certs-dumper dump --source consul --source.kv.endpoints=localhost:8500

Etcd backend

$ traefik-certs-dumper dump --source etcd --source.kv.endpoints=localhost:2379

Boltdb backend

$ traefik-certs-dumper dump --source boltdb --source.kv.endpoints=/tmp/my.db

Zookeeper backend

$ traefik-certs-dumper dump --source zookeeper --source.kv.endpoints=localhost:2181

Change source and destination

$ traefik-certs-dumper dump --source ./acme.json --dest ./dump/test
test
├──certs
│  └──my.domain.com.key
└──private
   ├──my.domain.com.crt
   └──letsencrypt.key

Use domain as sub-directory

$ traefik-certs-dumper dump --domain-subdir=true
dump
├──my.domain.com
│  ├──certificate.crt
│  └──privatekey.key
└──private
   └──letsencrypt.key

Change file extension

$ traefik-certs-dumper dump --domain-subdir=true --crt-ext=.pem --key-ext=.pem
dump
├──my.domain.com
│  ├──certificate.pem
│  └──privatekey.pem
└──private
   └──letsencrypt.key

Change file name

$ traefik-certs-dumper dump --domain-subdir=true --crt-name=fullchain --key-name=privkey
dump
├──my.domain.com
│  ├──fullchain.crt
│  └──privkey.key
└──private
   └──letsencrypt.key