Skip to content

openziti/identity

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

494 Commits
.github
.github
 
 
certtools
certtools
 
 
dotziti
dotziti
 
 
engines
engines
 
 
testdata
testdata
 
 
.gitignore
.gitignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
address.go
address.go
 
 
address_test.go
address_test.go
 
 
address_windows.go
address_windows.go
 
 
address_windows_test.go
address_windows_test.go
 
 
ca_pool.go
ca_pool.go
 
 
ca_pool_test.go
ca_pool_test.go
 
 
chains.go
chains.go
 
 
chains_test.go
chains_test.go
 
 
config.go
config.go
 
 
config_test.go
config_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
identity.go
identity.go
 
 
identity_test.go
identity_test.go
 
 
identity_watcher.go
identity_watcher.go
 
 
identity_watcher_js.go
identity_watcher_js.go
 
 
lazy.go
lazy.go
 
 
token.go
token.go
 
 
token_test.go
token_test.go
 
 
version
version
 
 

Repository files navigation

Ziti Identity library

This library is an attempt to normalize identity configuration for various ziti components.

Configuration

It is expected that identity configuration is stored in JSON format and mapped to identity.IdentityConfig type

{
    "id": {
        "key": "file://{path}",
        "cert": "file://{path}",
        "server_cert": "file://{path}" // optional
        "ca": "file://{path}" // optional
    }
}

It allows different ways of specifying private keys and certificates

Keys

  • from file "key": "file://{path to key PEM file}", or "key": "{path to key PEM file}". Note, latter version supports relative paths
  • inline "key": "pem:------BEGIN EC PRIVATE KEY-----...."
  • engine for HW token support "key": "engine:{engine_id}?{engine options}"

Certificates

Applied to both ID/client and server certificates, as well as CA bundle config

  • from file "cert": "file://{path to cert PEM file}", or "server_cert": "{path to key PEM file}". Note, latter version supports relative paths
  • inline "cert": "pem:------BEGIN CERTIFICATE-----...."

Usage

Once IdentityConfig is loaded, it could be used to acquire actual TLS credentials

idCfg := cfg.ID // load config from somewhere
id, err := identity.LoadIdentity(idCfg)

cltCert = id.Cert() // tls.Certificate

About

Identity management library for the OpenZiti project

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

8 stars

Watchers

8 watching

Forks

4 forks
Report repository

Releases

125 tags

Packages

No packages published

Used by 118

  • @openziti
  • @ngjaying
  • @cloudxxx8
  • @zhanghongquan
  • @evalgo-org
  • @austinsonger
+ 110

Contributors 12

Languages