This repository contains a collection of execution modules and states to manage X.509 keys, certificate signing requests and certificates. It does support modern EC suites. The actual signing can be delegated to other execution modules or runners, such as acme.sign.
The current version focuses on the needs for TLS certificates and external signing (e.g. ACME, Vault, custom modules).
See _modules/pki.py.
See _states/pki.py.
The recommended way of installation is using salt gitfs on the salt master.
# /etc/salt/master
gitfs_remotes:
- "https://github.com/jgraichen/salt-pki.git":
- base: v1.0.1If you want to use execution modules on the salt master, e.g. in runners, remember to synchronize modules on the master:
salt-run saltutil.sync_modules