This is a tool which allows you to consume certificates managed by the Katapult Certificate Manager (KCM) service. KCM handles issuing and renewing certificates and using them throughout the Katapult platform. If you want to use those certificates elsewhere, this tool may help you.
Once you have a certificate in KCM, you can use this tool to monitor it, download the signed certificate and then run whatever commands are needed for the service using the certificate to pick it up.
By default, configuration lives in `/etc/kcm.yaml`, but you can put it wherever you want and use the `--config` flag to specify the path when running `kcm-tool`.
```yaml
certificates:
  - url: https://certs.katapult.io/{certificate-id}/{your-certificate-secret}
    paths:
      certificate: /etc/certs/service.cert.pem
      private_key: /etc/certs/service.key.pem
      chain: /etc/certs/service.chain.pem
      certificate_with_chain: /etc/certs/service.cert-with-chain.pem
    permissions:
      certificates: 644
      keys: 600
    commands:
      - systemctl reload apache2
      - touch /etc/certs/service.cert.updated
```
- You can obtain the `url` attribute through the Katapult interface or API.
- The paths define the paths on your server where you want to export your certificate data.
- The commands will be run in the order provided.

- Download the latest release from GitHub and pop it in `/usr/local/bin/kcm-tool` on the server.
- Set the executable flag (`chmod +x /usr/local/bin/kcm-tool`).
- Add your configuration file somewhere.
- Run the tool (`kcm-tool --config path/to/config.yaml`).
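
An added example, not part of kcm-tool or its documentation: a Python check that the exported files are no more permissive than the `permissions` in the configuration above, and that the configuration file, whose `url` embeds the certificate secret, is not readable by group or others. Reading `644` and `600` as octal modes, the mapping of path keys to `certificates`/`keys`, and the function name `audit` are assumptions.

```python
import os
import stat

# Keys of the `paths` section on this page, mapped to the `permissions`
# entry assumed to govern each exported file (the mapping is an assumption).
PATH_KINDS = {"certificate": "certificates", "chain": "certificates",
              "certificate_with_chain": "certificates", "private_key": "keys"}


def audit(paths, permissions, config_path):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    for name, path in sorted(paths.items()):
        kind = PATH_KINDS.get(name)
        if kind is None:
            findings.append(f"{name}: unknown path key")
            continue
        # Config values such as 644 are read as octal digits (assumption).
        wanted = int(str(permissions[kind]), 8)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append(f"{name}: {path} is missing")
            continue
        if not stat.S_ISREG(st.st_mode):
            # A symlink or directory here could redirect key material.
            findings.append(f"{name}: {path} is not a regular file")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~wanted:
            findings.append(f"{name}: {path} is {mode:03o}, wider than {wanted:03o}")
    # The certificate URL in the config embeds the certificate secret,
    # so the config file must not be accessible to group or others.
    try:
        cfg_mode = stat.S_IMODE(os.stat(config_path).st_mode)
        if cfg_mode & 0o077:
            findings.append(f"config: {config_path} is {cfg_mode:03o}, open beyond its owner")
    except FileNotFoundError:
        findings.append(f"config: {config_path} is missing")
    return findings


if __name__ == "__main__":
    # Paths and modes taken from the example configuration on this page.
    d = "/etc/certs/service."
    paths = {"certificate": d + "cert.pem", "private_key": d + "key.pem",
             "chain": d + "chain.pem", "certificate_with_chain": d + "cert-with-chain.pem"}
    for line in audit(paths, {"certificates": 644, "keys": 600}, "/etc/kcm.yaml"):
        print(line)
```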