package main

import (
	"crypto/x509/pkix"
	"log"
	"os"

	"github.com/Venafi/vcert/v5"
	"github.com/Venafi/vcert/v5/pkg/certificate"
	"github.com/Venafi/vcert/v5/pkg/domain"
	"github.com/Venafi/vcert/v5/pkg/endpoint"
)

// Environment variable names read by this example, and the message printed
// when a required one is missing.
const (
	vcpURL       = "VCP_URL"
	vcpZone      = "VCP_ZONE"
	vcpApiKey    = "CLOUD_APIKEY"
	vcpTokenURL  = "VCP_TOKEN_URL" // #nosec G101 // This is not a hardcoded credential
	vcpJWT       = "VCP_JWT"
	envVarNotSet = "environment variable not set: %s"

	name = "example-provisioning"
)

// requireEnv returns the value of the environment variable key, terminating
// the program with the envVarNotSet message when it is not set.
func requireEnv(key string) string {
	value, ok := os.LookupEnv(key)
	if !ok {
		log.Fatalf(envVarNotSet, key)
	}
	return value
}

// buildRequest assembles the example certificate request: a fixed subject,
// two DNS SANs, a service-generated CSR and an RSA key of the default length.
func buildRequest() *certificate.Request {
	subject := pkix.Name{
		CommonName:         "common.name.venafi.example.com",
		Organization:       []string{"Venafi.com"},
		OrganizationalUnit: []string{"Integration Team"},
		Locality:           []string{"Salt Lake"},
		Province:           []string{"Salt Lake"},
		Country:            []string{"US"},
	}
	return &certificate.Request{
		Subject:   subject,
		DNSNames:  []string{"www.client.venafi.example.com", "ww1.client.venafi.example.com"},
		CsrOrigin: certificate.ServiceGeneratedCSR,
		KeyType:   certificate.KeyTypeRSA,
		KeyLength: certificate.DefaultRSAlength,
	}
}

// main authenticates to Venafi Control Plane with an external (service
// account) JWT, requests a certificate, provisions it into a cloud keystore
// and logs the keystore-specific identifiers returned for it.
func main() {
	// The base URL may be left empty when targeting production TLSPC.
	baseURL := os.Getenv(vcpURL)

	// Looked up in this order so the first missing variable is the one reported.
	zone := requireEnv(vcpZone)
	tokenURL := requireEnv(vcpTokenURL)
	jwt := requireEnv(vcpJWT)

	cfg := &vcert.Config{
		ConnectorType: endpoint.ConnectorTypeCloud,
		BaseUrl:       baseURL,
		Zone:          zone,
		Credentials: &endpoint.Authentication{
			// The JWT is exchanged at TokenURL for a VCP access token.
			ExternalJWT: jwt,
			TokenURL:    tokenURL,
		},
	}

	connector, err := vcert.NewClient(cfg)
	if err != nil {
		log.Fatalf("error creating client: %s", err.Error())
	}

	request := buildRequest()
	if err = connector.GenerateRequest(nil, request); err != nil {
		log.Fatalf("could not generate certificate request: %s", err)
	}

	requestID, err := connector.RequestCertificate(request)
	if err != nil {
		log.Fatalf("could not submit certificate request: %s", err)
	}
	log.Printf("Successfully submitted certificate request. Will pickup certificate by ID %s", requestID)

	// Placeholders: replace with the names configured in your VCP tenant.
	keystoreName := "<insert Keystore Name here>"
	providerName := "<insert Provider Name here>"
	certName := "<insert cert name>" // e.g. test2-venafi-com

	options := domain.ProvisioningOptions{CloudCertificateName: certName}
	provisionReq := &domain.ProvisioningRequest{
		KeystoreName: &keystoreName,
		ProviderName: &providerName,
		PickupID:     &requestID,
	}

	meta, err := connector.ProvisionCertificate(provisionReq, &options)
	if err != nil {
		log.Fatalf("error provisioning: %s", err.Error())
	}

	// Which identifiers come back depends on the keystore type the
	// certificate was provisioned into.
	switch meta.CloudKeystoreType {
	case domain.CloudKeystoreTypeACM:
		log.Printf("Certificate AWS Metadata ARN:\n%v", meta.CertificateID)
	case domain.CloudKeystoreTypeAKV:
		log.Printf("Certificate Azure Metadata ID:\n%v", meta.CertificateID)
		log.Printf("Certificate Azure Metadata Name:\n%v", meta.CertificateName)
		log.Printf("Certificate Azure Metadata Version:\n%v", meta.CertificateVersion)
	case domain.CloudKeystoreTypeGCM:
		log.Printf("Certificate GCP Metadata ID:\n%v", meta.CertificateID)
		log.Printf("Certificate GCP Metadata Name:\n%v", meta.CertificateName)
	}
}