Support for Venafi
Before using this module you need to register an account with Venafi, and configure it in your master configuration file.
First, you need to add a placeholder to the master file. This is because the module will not load unless it finds an api_key setting, valid or not.
Open up /etc/salt/master and add:
venafi:
  api_key: None
Then register your email address with Venafi using the following command:
salt-run venafi.register <youremail@yourdomain.com>
This command will not return an api_key to you; that will be sent to you via email from Venafi. Once you have received that key, open up your master file and set the api_key to it:
venafi:
  api_key: abcdef01-2345-6789-abcd-ef0123456789
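As an added example (not part of the Salt documentation or the module's own code), this Python check confirms that api_key is actually nested under venafi:, that the placeholder has been replaced, and that the file holding the live key is not accessible to group or others. The function names, the placeholder set and the permission rule are assumptions made for this example, and the scanner only understands the block form shown above.

```python
import os
import re
import stat
import sys

PLACEHOLDERS = {"", "none", "null", "~"}  # values that mean "no real key yet"


def read_venafi_api_key(text):
    """Return the api_key nested under a top-level 'venafi:' key, else None.

    Line scanner for the two-line block form shown above, not a YAML parser.
    """
    in_block = False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()       # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                   # any top-level key
            in_block = re.match(r"venafi\s*:$", line) is not None
            continue
        m = re.match(r"\s+api_key\s*:\s*(.*)$", line)
        if in_block and m:
            return m.group(1).strip("'\"")
    return None


def check_master_config(path):
    """Return a list of findings for the venafi settings in a master file."""
    with open(path, encoding="utf-8") as fh:
        key = read_venafi_api_key(fh.read())
    if key is None:
        return ["no api_key nested under venafi: (check the indentation)"]
    if key.lower() in PLACEHOLDERS:
        return ["api_key is still the placeholder"]
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):        # added hygiene check
        findings.append("live api_key in a file open to group/others (mode %o)" % mode)
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/salt/master"
    for finding in check_master_config(target):
        print(finding)
```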

salt.runners.venafiapi.del_cached_domain(domains)
Delete cached domains from the master
CLI Example:
salt-run venafi.del_cached_domain domain1.example.com,domain2.example.com

salt.runners.venafiapi.gen_csr(minion_id, dns_name, zone='default', country=None, state=None, loc=None, org=None, org_unit=None, password=None)
Generate a CSR using the host's private_key. Analogous to:
VCert gencsr -cn [CN Value] -o "Beta Organization" -ou "Beta Group" -l "Palo Alto" -st "California" -c US
CLI Example:
salt-run venafi.gen_csr <minion_id> <dns_name>

salt.runners.venafiapi.gen_key(minion_id, dns_name=None, zone='default', password=None)
Generate and return a private_key. If a dns_name is passed in, the private_key will be cached under that name. The type of key and the parameters used to generate the key are based on the default certificate use policy associated with the specified zone.
CLI Example:
salt-run venafi.gen_key <minion_id> [dns_name] [zone] [password]

salt.runners.venafiapi.get_zone_id(zone_name)
Get the zone ID for the given zone name
CLI Example:
salt-run venafi.get_zone_id default

salt.runners.venafiapi.list_domain_cache()
List domains that have been cached
CLI Example:
salt-run venafi.list_domain_cache

salt.runners.venafiapi.pickup(id_)
Show certificate requests for this API key
CLI Example:
salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.register(email)
Register a new user account
CLI Example:
salt-run venafi.register email@example.com

salt.runners.venafiapi.renew(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)
Request a new certificate
Uses the following command:
VCert enroll -z <zone> -k <api key> -cn <domain name>
CLI Example:
salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.request(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)
Request a new certificate
Uses the following command:
VCert enroll -z <zone> -k <api key> -cn <domain name>
CLI Example:
salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.show_cert(id_)
Show certificate requests for this API key
CLI Example:
salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.show_company(domain)
Show company information, especially the company id
CLI Example:
salt-run venafi.show_company example.com

salt.runners.venafiapi.show_csrs()
Show certificate requests for this API key
CLI Example:
salt-run venafi.show_csrs

salt.runners.venafiapi.show_policies()
Show zone details for the API key owner's company
CLI Example:
salt-run venafi.show_zones

salt.runners.venafiapi.show_rsa(minion_id, dns_name)
Show a private RSA key
CLI Example:
salt-run venafi.show_rsa myminion domain.example.com

salt.runners.venafiapi.show_zones()
Show zone details for the API key owner's company
CLI Example:
salt-run venafi.show_zones