k3s/vendor/github.com/cloudflare/cfssl/certdb
Jeff Grafton aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00

README.md

certdb usage

Using a database enables additional functionality for existing commands when a db config is provided:

  • sign and gencert add a certificate to the certdb after signing it
  • serve enables database functionality for the sign and revoke endpoints

A database is required for the following:

  • revoke marks certificates revoked in the database with an optional reason
  • ocsprefresh refreshes the table of cached OCSP responses
  • ocspdump outputs cached OCSP responses in a concatenated base64-encoded format

Setup/Migration

This directory stores goose db migration scripts for various DB backends. Currently supported:

  • SQLite in sqlite
  • PostgreSQL in pg

Get goose

go get bitbucket.org/liamstask/goose/cmd/goose

Use goose to start and terminate a SQLite DB

To start a SQLite DB using goose:

goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/sqlite up

To tear down a SQLite DB using goose:

goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/sqlite down

Use goose to start and terminate a PostgreSQL DB

To start a PostgreSQL DB using goose:

goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/pg up

To tear down a PostgreSQL DB using goose:

goose -path $GOPATH/src/github.com/cloudflare/cfssl/certdb/pg down

Note: administration of the PostgreSQL DB is not covered here. We assume the databases being connected to have already been created and that access control is properly handled.

CFSSL Configuration

Several cfssl commands take a -db-config flag. Create a file with a JSON dictionary:

{"driver":"sqlite3","data_source":"certs.db"}

or

{"driver":"postgres","data_source":"postgres://user:password@host/db"}
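Because the postgres form of this file carries the database password, it is worth checking before deployment. The following is an added example, not part of the cfssl README or code base: CheckDBConfig is a hypothetical helper, the sample config is constructed, and the sslmode check assumes the postgres driver is lib/pq.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
)

// dbConfig mirrors the two keys shown in the README's -db-config examples.
type dbConfig struct {
	Driver     string `json:"driver"`
	DataSource string `json:"data_source"`
}

// CheckDBConfig (hypothetical helper) returns findings for a db-config file's
// contents and permission bits; an empty slice means nothing was flagged.
func CheckDBConfig(raw []byte, mode os.FileMode) []string {
	var cfg dbConfig
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return []string{"invalid JSON: " + err.Error()}
	}
	var out []string
	switch cfg.Driver {
	case "sqlite3": // data_source is a file path; no credentials to protect here
	case "postgres":
		u, err := url.Parse(cfg.DataSource)
		if err != nil || u.Scheme != "postgres" {
			return []string{"data_source is not in the postgres:// URL form; not checked"}
		}
		if _, hasPw := u.User.Password(); hasPw && mode.Perm()&0077 != 0 {
			out = append(out, "password in data_source but file is group/world accessible")
		}
		// sslmode is a lib/pq connection parameter (assumed driver).
		if u.Query().Get("sslmode") == "disable" {
			out = append(out, "sslmode=disable: connection to the certdb is unencrypted")
		}
	default: // the README lists only the SQLite and PostgreSQL backends
		out = append(out, "unsupported driver: "+cfg.Driver)
	}
	return out
}

func main() {
	// Constructed sample input, not taken from a real deployment.
	weak := []byte(`{"driver":"postgres","data_source":"postgres://user:password@host/db?sslmode=disable"}`)
	for _, f := range CheckDBConfig(weak, 0644) {
		fmt.Println("finding:", f)
	}
}
```

In practice the mode would come from os.Stat on the config file; a file with mode 0600 and sslmode=verify-full produces no findings.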