Tools and scripts for sharing certificates between servers

The Integration Guide and responses in various threads emphasize the importance of only making a single request for a certificate and then using local mechanisms to replicate the certificate and private key to all the servers that need it in a particular site.

For most admins it is probably not hard to write a custom script using scp or rsync to do that.

Some people have also mentioned using puppet, ansible, cfengine or other frameworks for this purpose.

Has anybody developed or seen any generic and lightweight scripts or tools that serve this purpose without all the extra features of a framework like puppet?

Looking around online, one thing that comes up is a plugin for Kubernetes users to request and cache the certificates for containers. Has anybody developed something similar but more generic, not specific to Kubernetes, suitable for both containers and any other arbitrary (*nix) servers in an organization?
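A minimal script of the kind the question describes, replicating the certificate and private key over ssh/rsync to the other servers of a site, as an added example that is not from the original thread or any project mentioned in it. The source and target paths, the host list, the ssh user and the reload command are assumptions, and the copy is verified on the remote side before the service is reloaded:

```shell
#!/bin/sh
# Added example: replicate a certificate and its private key from the host that
# requested it to the other servers of the same site. Source/target paths, the
# host list, the ssh user and the reload command are assumptions; adjust them.
set -eu

SRC_DIR="${SRC_DIR:-/etc/letsencrypt/live/example.com}"   # assumed source
DEST_DIR="${DEST_DIR:-/etc/ssl/example.com}"              # assumed target
TARGETS="${TARGETS:-web1.example.com web2.example.com}"   # assumed hosts
SSH_USER="${SSH_USER:-root}"                              # assumed ssh user
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"        # assumed reload hook

# Refuse to ship a key that does not belong to the certificate: the public
# key derived from each side must be identical. Returns 0 on match.
check_cert_key_match() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Rewrite a local sha256sum manifest so the file names point at the
# destination directory; the remote side verifies the copy against it.
rewrite_manifest() {
  sed "s#^\([0-9a-f]*\)  \(.*\)\$#\1  $1/\2#"
}

# rsync options: -L follows the symlinks in a live/ directory, --chmod gives the
# key and certificate owner-only permissions, and --delay-updates swaps the
# files in only after the transfer completed, so a half-copied key is never
# what the service reads.
rsync_opts() {
  printf '%s' "-aL --chmod=D0700,F0600 --delay-updates -e ssh"
}

distribute() {
  check_cert_key_match "$SRC_DIR/fullchain.pem" "$SRC_DIR/privkey.pem" \
    || { echo "cert/key mismatch in $SRC_DIR, aborting" >&2; return 1; }
  manifest=$(cd "$SRC_DIR" && sha256sum fullchain.pem privkey.pem | rewrite_manifest "$DEST_DIR")
  for host in $TARGETS; do
    # rsync_opts is a fixed, space-separated option list, so word splitting is intended
    rsync $(rsync_opts) "$SRC_DIR/fullchain.pem" "$SRC_DIR/privkey.pem" "$SSH_USER@$host:$DEST_DIR/"
    # Reload only once the remote copy verifies; a bad copy leaves the old cert in use.
    printf '%s\n' "$manifest" | ssh "$SSH_USER@$host" "sha256sum -c --quiet && $RELOAD_CMD"
  done
}

# Run only when invoked explicitly, so the functions can be sourced or tested.
if [ "${1:-}" = "--run" ]; then distribute; fi
```

Invoke it as `./distribute-cert.sh --run` from the host that obtained the certificate, for instance from a renewal deploy hook.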

Hi @dpocock,

The cert-manager method of sharing the cert/key is the best I’ve found for a Kubernetes stack, but again you need to be running Kubernetes. The cert-manager tool benefits from Kubernetes using etcd as its underlying key/val store. This blog post goes into detail about Traefik with Consul as the key/val store and could definitely be created without requiring a Kubernetes environment.

Check out some of these topics for ideas.