salt.runners.venafiapi

Support for Venafi

Before using this module you need to register an account with Venafi, and configure it in your master configuration file.

First, you need to add a placeholder to the master file. This is because the module will not load unless it finds an api_key setting, valid or not. Open up /etc/salt/master and add:

venafi:
  api_key: None

Then register your email address with Venafi using the following command:

salt-run venafi.register <youremail@yourdomain.com>

This command will not return an api_key to you; that will be sent to you via email from Venafi. Once you have received that key, open up your master file and set the api_key to it:

venafi:
  api_key: abcdef01-2345-6789-abcd-ef0123456789
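
A pre-flight check for the configuration steps above, added here as an example and not taken from Salt or Venafi. It reports whether the venafi block is missing, still holds the placeholder, or sits in a world-readable file. It assumes API keys are UUID-shaped like the sample key above; the function names are hypothetical.

```python
import re
import stat

# Assumption: API keys are UUID-shaped, as in the sample key shown above.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def venafi_api_key(master_text):
    """Return (found, value) for venafi.api_key in master config text.

    Minimal line scanner for the two-line block shown above; it is not a
    full YAML parser.
    """
    in_block = False
    for raw in master_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            in_block = line.strip() == "venafi:"
            continue
        if in_block:
            key, sep, value = line.strip().partition(":")
            if sep and key == "api_key":
                return True, value.strip().strip("'\"")
    return False, None


def audit(master_text, file_mode):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    found, key = venafi_api_key(master_text)
    if not found:
        findings.append("no venafi api_key setting: the runner will not load")
    elif key in ("", "None", "null", "~"):
        findings.append("api_key is still the placeholder")
    elif not UUID_RE.match(key):
        findings.append("api_key is not UUID-shaped")
    if found and file_mode & stat.S_IROTH:
        findings.append("file holding api_key is world-readable")
    return findings


# Constructed sample inputs, not taken from a real master.
PLACEHOLDER = "venafi:\n  api_key: None\n"
CONFIGURED = "venafi:\n  api_key: abcdef01-2345-6789-abcd-ef0123456789\n"

if __name__ == "__main__":
    print(audit(PLACEHOLDER, 0o644))
    print(audit(CONFIGURED, 0o600))
```

On a real master, pass the file's text and stat.S_IMODE(os.stat(path).st_mode) for whichever file holds the venafi block.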

salt.runners.venafiapi.del_cached_domain(domains)

Delete cached domains from the master

CLI Example:

salt-run venafi.del_cached_domain domain1.example.com,domain2.example.com

salt.runners.venafiapi.gen_csr(minion_id, dns_name, zone='default', country=None, state=None, loc=None, org=None, org_unit=None, password=None)

Generate a CSR using the host's private_key. Analogous to:

VCert gencsr -cn [CN Value] -o "Beta Organization" -ou "Beta Group" -l "Palo Alto" -st "California" -c US

CLI Example:

salt-run venafi.gen_csr <minion_id> <dns_name>

salt.runners.venafiapi.gen_key(minion_id, dns_name=None, zone='default', password=None)

Generate and return a private_key. If a dns_name is passed in, the private_key will be cached under that name. The type of key and the parameters used to generate the key are based on the default certificate use policy associated with the specified zone.

CLI Example:

salt-run venafi.gen_key <minion_id> [dns_name] [zone] [password]

salt.runners.venafiapi.get_zone_id(zone_name)

Get the zone ID for the given zone name

CLI Example:

salt-run venafi.get_zone_id default

salt.runners.venafiapi.list_domain_cache()

List domains that have been cached

CLI Example:

salt-run venafi.list_domain_cache

salt.runners.venafiapi.pickup(id_)

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.register(email)

Register a new user account

CLI Example:

salt-run venafi.register email@example.com

salt.runners.venafiapi.renew(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)

Request a new certificate

Uses the following command:

VCert enroll -z <zone> -k <api key> -cn <domain name>

CLI Example:

salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.request(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)

Request a new certificate

Uses the following command:

VCert enroll -z <zone> -k <api key> -cn <domain name>

CLI Example:

salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.show_cert(id_)

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.show_company(domain)

Show company information, especially the company id

CLI Example:

salt-run venafi.show_company example.com

salt.runners.venafiapi.show_csrs()

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_csrs

salt.runners.venafiapi.show_policies()

Show zone details for the API key owner's company

CLI Example:

salt-run venafi.show_zones

salt.runners.venafiapi.show_rsa(minion_id, dns_name)

Show a private RSA key

CLI Example:

salt-run venafi.show_rsa myminion domain.example.com

salt.runners.venafiapi.show_zones()

Show zone details for the API key owner's company

CLI Example:

salt-run venafi.show_zones