salt.runners.venafiapi

Support for Venafi

Before using this module you need to register an account with Venafi, and configure it in your master configuration file.

First, you need to add a placeholder to the master file. This is because the module will not load unless it finds an api_key setting, valid or not. Open up /etc/salt/master and add:

venafi:
  api_key: None

Then register your email address with Venafi using the following command:

salt-run venafi.register <[email protected]>

This command will not return an api_key to you; that will be sent to you via email from Venafi. Once you have received that key, open up your master file and set the api_key to it:

venafi:
  api_key: abcdef01-2345-6789-abcd-ef0123456789

salt.runners.venafiapi.del_cached_domain(domains)

Delete cached domains from the master

CLI Example:

salt-run venafi.del_cached_domain domain1.example.com,domain2.example.com

salt.runners.venafiapi.gen_csr(minion_id, dns_name, zone='default', country=None, state=None, loc=None, org=None, org_unit=None, password=None)

Generate a csr using the host's private_key. Analogous to:

VCert gencsr -cn [CN Value] -o "Beta Organization" -ou "Beta Group"             -l "Palo Alto" -st "California" -c US

CLI Example:

salt-run venafi.gen_csr <minion_id> <dns_name>

salt.runners.venafiapi.gen_key(minion_id, dns_name=None, zone='default', password=None)

Generate and return an private_key. If a dns_name is passed in, the private_key will be cached under that name. The type of key and the parameters used to generate the key are based on the default certificate use policy associated with the specified zone.

CLI Example:

salt-run venafi.gen_key <minion_id> [dns_name] [zone] [password]

salt.runners.venafiapi.get_zone_id(zone_name)

Get the zone ID for the given zone name

CLI Example:

salt-run venafi.get_zone_id default

salt.runners.venafiapi.list_domain_cache()

List domains that have been cached

CLI Example:

salt-run venafi.list_domain_cache

salt.runners.venafiapi.pickup(id_)

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.register(email)

Register a new user account

CLI Example:

salt-run venafi.register [email protected]

salt.runners.venafiapi.renew(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)

Request a new certificate

Uses the following command:

VCert enroll -z <zone> -k <api key> -cn <domain name>

CLI Example:

salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.request(minion_id, dns_name=None, zone='default', request_id=None, country='US', state='California', loc='Palo Alto', org='Beta Organization', org_unit='Beta Group', password=None, zone_id=None)

Request a new certificate

Uses the following command:

VCert enroll -z <zone> -k <api key> -cn <domain name>

CLI Example:

salt-run venafi.request <minion_id> <dns_name>

salt.runners.venafiapi.show_cert(id_)

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef

salt.runners.venafiapi.show_company(domain)

Show company information, especially the company id

CLI Example:

salt-run venafi.show_company example.com

salt.runners.venafiapi.show_csrs()

Show certificate requests for this API key

CLI Example:

salt-run venafi.show_csrs

salt.runners.venafiapi.show_policies()

Show zone details for the API key owner's company

CLI Example:

salt-run venafi.show_zones

salt.runners.venafiapi.show_rsa(minion_id, dns_name)

Show a private RSA key

CLI Example:

salt-run venafi.show_rsa myminion domain.example.com

salt.runners.venafiapi.show_zones()

Show zone details for the API key owner's company

CLI Example:

salt-run venafi.show_zones