Support for Venafi
Before using this module you need to register an account with Venafi, and configure it in your master configuration file.
First, you need to add a placeholder to the master file. This is because the module will not load unless it finds an api_key setting, valid or not. Open up /etc/salt/master and add:
venafi:
  api_key: None
Then register your email address with Venafi using the following command:
salt-run venafi.register <email>
This command will not return an api_key to you; that will be sent to you via email from Venafi. Once you have received that key, open up your master file and set the api_key to it:
venafi:
  api_key: abcdef01-2345-6789-abcd-ef0123456789
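An added example, not part of the Salt documentation or the module's code: a pre-flight check that reports which stage of the setup above a master file is at, and whether the file holding the key is readable by group or other. It assumes the block-style layout and the UUID-style key shown on this page; the function names and sample configs are constructed for illustration.

```python
import os
import re
import stat

# Constructed samples of /etc/salt/master at each stage of the procedure above.
NO_BLOCK = "interface: 0.0.0.0\n"
PLACEHOLDER = "interface: 0.0.0.0\nvenafi:\n  api_key: None\n"
KEY_SET = "venafi:\n  api_key: abcdef01-2345-6789-abcd-ef0123456789  # sample from the page\n"

# Assumption: real keys have the UUID shape of the sample key on the page.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def venafi_api_key(config_text):
    """Return api_key from a top-level `venafi:` block, or None if absent.

    Line reader for the block layout shown on the page, not a YAML parser."""
    in_block = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # any top-level key opens or closes the block
            in_block = line.strip() == "venafi:"
        elif in_block:
            key, _, value = line.strip().partition(":")
            if key == "api_key":
                return value.strip().strip("'\"")
    return None


def key_state(config_text):
    """Classify the setup stage: missing, placeholder, malformed or set."""
    value = venafi_api_key(config_text)
    if value is None:
        return "missing"        # no api_key setting: the module will not load
    if value in ("", "None"):
        return "placeholder"    # module loads, but no key has been filled in yet
    return "set" if UUID_RE.match(value) else "malformed"


def readable_by_others(path):
    """True if group or other can read the file that holds the API key."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for name, text in (("no block", NO_BLOCK), ("placeholder", PLACEHOLDER), ("key set", KEY_SET)):
        print(name, "->", key_state(text))
```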
Delete cached domains from the master
CLI Example:
salt-run venafi.del_cached_domain domain1.example.com,domain2.example.com
Generate a CSR using the host's private_key. Analogous to:
VCert gencsr -cn [CN Value] -o "Beta Organization" -ou "Beta Group" -l "Palo Alto" -st "California" -c US
CLI Example:
salt-run venafi.gen_csr <minion_id> <dns_name>
Generate and return a private_key. If a dns_name is passed in, the private_key will be cached under that name. The type of key and the parameters used to generate the key are based on the default certificate use policy associated with the specified zone.
CLI Example:
salt-run venafi.gen_key <minion_id> [dns_name] [zone] [password]
Get the zone ID for the given zone name
CLI Example:
salt-run venafi.get_zone_id default
List domains that have been cached
CLI Example:
salt-run venafi.list_domain_cache
Show certificate requests for this API key
CLI Example:
salt-run venafi.show_cert 01234567-89ab-cdef-0123-456789abcdef
Register a new user account
CLI Example:
salt-run venafi.register <email>
Request a new certificate
Uses the following command:
VCert enroll -z <zone> -k <api key> -cn <domain name>
CLI Example:
salt-run venafi.request <minion_id> <dns_name>
Show company information, especially the company id
CLI Example:
salt-run venafi.show_company example.com
Show certificate requests for this API key
CLI Example:
salt-run venafi.show_csrs
Show zone details for the API key owner's company
CLI Example:
salt-run venafi.show_zones
Show a private RSA key
CLI Example:
salt-run venafi.show_rsa myminion domain.example.com
© 2019 SaltStack.
Licensed under the Apache License, Version 2.0.
https://docs.saltstack.com/en/latest/ref/runners/all/salt.runners.venafiapi.html