gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-10 21:08:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs: remove version labels from public docs to avoid telegraphing roadmap

Browse Source 
Strip explicit V2/V3 version labels from planned features in README,
architecture, connectors, and demo docs. F5/IIS now say "interface only"
and "implementation planned" without version targets. DigiCert and other
future issuers say "planned" without version numbers. Keeps completed
milestones detailed (social proof) while keeping future work abstract.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Shankar
2026-03-22 13:50:03 -04:00
parent d9103b62cf
commit c2cd48c38b
4 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/connectors.md
+4 -4
View File
@@ -6,9 +6,9 @@ Connectors extend certctl to integrate with external systems for certificate iss
Three types of connectors:
1. **Issuer Connector** — Obtains certificates from CAs (Local CA with sub-CA support, ACME with HTTP-01 + DNS-01, step-ca implemented; OpenSSL planned V2; DigiCert, Entrust, GlobalSign, EJBCA, Vault PKI, Google CAS planned V3)
2. **Target Connector** — Deploys certificates to infrastructure (NGINX, Apache httpd, HAProxy implemented; F5 via proxy agent, IIS dual-mode interface only; AWS ALB, Azure Key Vault, Palo Alto, FortiGate, Citrix ADC, Kubernetes Secrets planned V3)
3. **Notifier Connector** — Sends alerts about certificate events (Email, Webhooks; Slack, Teams, PagerDuty, OpsGenie planned V2)
1. **Issuer Connector** — Obtains certificates from CAs (Local CA with sub-CA support, ACME with HTTP-01 + DNS-01, step-ca implemented; OpenSSL/Custom CA and additional CA integrations planned)
2. **Target Connector** — Deploys certificates to infrastructure (NGINX, Apache httpd, HAProxy implemented; F5 via proxy agent, IIS dual-mode interface only; additional cloud and network targets planned)
3. **Notifier Connector** — Sends alerts about certificate events (Email, Webhooks implemented; Slack, Teams, PagerDuty, OpsGenie planned)
All connectors accept JSON configuration at initialization, support config validation, and are registered in the service layer. Issuer connectors run on the control plane; target connectors run on agents. For network appliances where agents can't be installed, a **proxy agent** in the same network zone handles deployment — the server never initiates outbound connections.
@@ -363,7 +363,7 @@ The combined PEM is built in this order: server certificate, intermediate/chain
Location: `internal/connector/target/haproxy/haproxy.go`
### Planned: F5 BIG-IP (V2, Interface Only)
### Planned: F5 BIG-IP (Interface Only)
The F5 BIG-IP target connector interface is built with the iControl REST flow mapped out, but the actual API calls are not yet implemented. F5 appliances can't run agents directly, so this connector uses the **proxy agent pattern**: a designated agent in the same network zone picks up F5 deployment jobs and calls the iControl REST API. The server assigns the work; the proxy agent executes it.