Rotato

A tool for CA and certificate rotation for Cloud Foundry

Uses CredHub API
Provides commands to implement 3-step CA rotation

3-step CA Rotation

Generate new CA, configure all components to trust both old and new CAs and redeploy
Generate certificates signed by the new CA
Configure everything to only trust the new CA and redeploy

Installation

rotato uses go modules to manages dependencies and requires go v1.11. To install, run these commands from the root project directory

cd rotation
go build -o rotato

Usage

Usage:
  rotation [OPTIONS] [add-new-cas | regenerate-certs | remove-old-cas]

Help Options:
  -h, --help  Show this help message

Available commands:
  add-new-cas       Regenerate new CAs and make them available to the next BOSH deploy
  regenerate-certs  Regenerate new certificates
  remove-old-cas    Remove Old CAs

Each command requires CredHub credentials. In case you are using bbl to create your BOSH director, eval "$(eval bbl print-env)" will set all necessary credentials.

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
dockerfiles/rotato		dockerfiles/rotato
pipelines		pipelines
rotation		rotation
tasks/rotate		tasks/rotate
.gitignore		.gitignore
README.md		README.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

dockerfiles/rotato

dockerfiles/rotato

pipelines

pipelines

rotation

rotation

tasks/rotate

tasks/rotate

.gitignore

.gitignore

README.md

README.md

go.mod

go.mod

go.sum

go.sum

Repository files navigation

Rotato

3-step CA Rotation

Installation

Usage

About

Releases

Packages

Languages

ishustava/rotato

Folders and files

Latest commit

History

Repository files navigation

Rotato

3-step CA Rotation

Installation

Usage

About

Resources

Stars

Watchers

Forks

Languages