Skip to content

Ruby client SDK designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.

License

Notifications You must be signed in to change notification settings

Venafi/vcert-ruby

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Venafi Apache 2.0 License Community Supported Compatible with TPP 17.3+ & Cloud
This open source project is community-supported. To report a problem or share an idea, use Issues; and if you have a suggestion for fixing the issue, please include those details, too. In addition, use Pull Requests to contribute actual bug fixes or proposed enhancements. We welcome and appreciate all contributions. Got questions or want to discuss something with our team? Join us on Slack!

VCert Ruby

VCert Ruby is a Ruby library and SDK designed to simplify key generation and enrollment of machine identities (also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the Venafi Platform or Venafi Cloud.

This implementation is based on the original Go library, https://github.com/Venafi/vcert.

Compatibility

VCert supports Ruby 2.4+ (older versions usually work but are not tested or supported). VCert releases are tested using the latest version of Trust Protection Platform. The latest VCert release should be compatible with Trust Protection Platform 17.3 or higher based on the subset of API methods it consumes.

Installation

Get the library using gem:
gem install vcert

You also can install latest version from github:
gem specific_install https://github.com/Venafi/vcert-ruby.git

Usage example

For code samples of programmatic use, please review the files in /examples.

Prerequisites for using with Trust Protection Platform

  1. A user account that has been granted WebSDK Access
  2. A folder (zone) where the user has been granted the following permissions: View, Read, Write, Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is service generated)
  3. Policy applied to the folder which specifies:
    1. CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert
    2. Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C)
    3. Management Type not locked or locked to 'Enrollment'
    4. Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR'
    5. Generate Key/CSR on Application not locked or locked to 'No'
    6. (Recommended) Disable Automatic Renewal set to 'Yes'
    7. (Recommended) Key Bit Strength set to 2048 or higher
    8. (Recommended) Domain Whitelisting policy appropriately assigned

Prerequisites for using with Venafi Cloud

  1. The Venafi Cloud REST API is accessible at https://api.venafi.cloud from the system where VCert will be executed.
  2. You have successfully registered for a Venafi Cloud account, have been granted at least the OutagePREDICT "Resource Owner" role, and know your API key.
  3. A CA Account and Issuing Template exist and have been configured with:
    1. Recommended Settings values for:
      1. Organizational Unit (OU)
      2. Organization (O)
      3. City/Locality (L)
      4. State/Province (ST)
      5. Country (C)
    2. Issuing Rules that:
      1. (Recommended) Limits Common Name and Subject Alternative Name to domains that are allowed by your organization
      2. (Recommended) Restricts the Key Length to 2048 or higher
      3. (Recommended) Does not allow Private Key Reuse
  4. An OutagePREDICT Application exists where you are among the owners, and you know the Application Name.
  5. An Issuing Template is assigned to the Application, and you know its API Alias.

Contributing to VCert

Venafi welcomes contributions from the developer community.

  1. Fork it to your account (https://github.com/Venafi/vcert-ruby/fork)
  2. Clone your fork (git clone [email protected]:youracct/vcert-ruby.git)
  3. Create a feature branch (git checkout -b your-branch-name)
  4. Implement and test your changes
  5. Commit your changes (git commit -am 'Added some cool functionality')
  6. Push to the branch (git push origin your-branch-name)
  7. Create a new Pull Request (https://github.com/youracct/vcert-ruby/pull/new/your-branch-name)

License

Copyright © Venafi, Inc. All rights reserved.

VCert is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Please direct questions/comments to [email protected].

About

Ruby client SDK designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.

Topics

Resources

License

Security policy

Stars

Watchers

Forks

Packages

No packages published