package pki import ( "strings" "sync" "time" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" ) // Factory creates a new backend implementing the logical.Backend interface func Factory(conf *logical.BackendConfig) (logical.Backend, error) { return Backend().Setup(conf) } // Backend returns a new Backend framework struct func Backend() *framework.Backend { var b backend b.Backend = &framework.Backend{ Help: strings.TrimSpace(backendHelp), PathsSpecial: &logical.Paths{ Unauthenticated: []string{ "cert/*", "ca/pem", "ca", "crl/pem", "crl", }, }, Paths: []*framework.Path{ pathListRoles(&b), pathRoles(&b), pathGenerateRoot(&b), pathGenerateIntermediate(&b), pathSetSignedIntermediate(&b), pathSignIntermediate(&b), pathConfigCA(&b), pathConfigCRL(&b), pathConfigURLs(&b), pathSignVerbatim(&b), pathSign(&b), pathIssue(&b), pathRotateCRL(&b), pathFetchCA(&b), pathFetchCRL(&b), pathFetchCRLViaCertPath(&b), pathFetchValid(&b), pathRevoke(&b), }, Secrets: []*framework.Secret{ secretCerts(&b), }, } b.crlLifetime = time.Hour * 72 b.revokeStorageLock = &sync.Mutex{} return b.Backend } type backend struct { *framework.Backend crlLifetime time.Duration revokeStorageLock *sync.Mutex } const backendHelp = ` The PKI backend dynamically generates X509 server and client certificates. After mounting this backend, configure the CA using the "pem_bundle" endpoint within the "config/" path. `