gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-13 21:18:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M35): dynamic target configuration with encrypted config, test connection, and GUI updates

Browse Source 
Mirror M34's dynamic issuer config pattern for deployment targets: AES-256-GCM
encrypted config storage, sensitive field redaction in API responses, agent
heartbeat-based test connection endpoint, and full frontend updates including
test status indicators, source badges, and removal of stale hostname/status
fields from the Target interface.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-04 01:09:53 -04:00
parent e19b8c95fe
commit e6088c79a3
23 changed files with 849 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/service/issuer.go
-37
View File
@@ -6,7 +6,6 @@ import (
"fmt"
"log/slog"
"os"
"strings"
"time"
"github.com/shankar0123/certctl/internal/config"
@@ -16,9 +15,6 @@ import (
"github.com/shankar0123/certctl/internal/repository"
)
// sensitiveKeys are config key substrings that should be redacted in API responses.
var sensitiveKeys = []string{"password", "secret", "token", "key", "hmac", "private", "credentials"}
// IssuerService provides business logic for certificate issuer management.
type IssuerService struct {
issuerRepo repository.IssuerRepository
@@ -703,39 +699,6 @@ func (s *IssuerService) updateTestStatus(ctx context.Context, iss *domain.Issuer
}
}
// redactConfigJSON replaces sensitive values in a JSON config with "********".
func redactConfigJSON(configJSON json.RawMessage) json.RawMessage {
var m map[string]interface{}
if err := json.Unmarshal(configJSON, &m); err != nil {
return configJSON // Not a JSON object, return as-is
}
for k, v := range m {
if isSensitiveConfigKey(k) {
if str, ok := v.(string); ok && str != "" {
m[k] = "********"
}
}
}
redacted, err := json.Marshal(m)
if err != nil {
return configJSON
}
return json.RawMessage(redacted)
}
// isSensitiveConfigKey checks if a config key contains sensitive substrings.
func isSensitiveConfigKey(key string) bool {
lower := strings.ToLower(key)
for _, s := range sensitiveKeys {
if strings.Contains(lower, s) {
return true
}
}
return false
}
// getEnvForSeed reads an environment variable for seed data construction.
func getEnvForSeed(key string) string {
return os.Getenv(key)