certctl

gsadmin/certctl

Fork 0

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 13:41:30 +00:00

Commit Graph

Select branches

Hide Pull Requests

master

#3

checkpoint/m1-migration-wip

v1.0.0

v2.0.0

v2.0.1

v2.0.10

v2.0.11

v2.0.12

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.17

v2.0.18

v2.0.19

v2.0.2

v2.0.20

v2.0.21

v2.0.22

v2.0.23

v2.0.24

v2.0.25

v2.0.26

v2.0.27

v2.0.28

v2.0.29

v2.0.3

v2.0.30

v2.0.31

v2.0.32

v2.0.33

v2.0.34

v2.0.35

v2.0.36

v2.0.37

v2.0.38

v2.0.39

v2.0.4

v2.0.40

v2.0.41

v2.0.42

v2.0.43

v2.0.44

v2.0.45

v2.0.46

v2.0.47

v2.0.48

v2.0.49

v2.0.5

v2.0.50

v2.0.51

v2.0.52

v2.0.53

v2.0.54

v2.0.55

v2.0.56

v2.0.57

v2.0.59

v2.0.6

v2.0.60

v2.0.61

v2.0.62

v2.0.63

v2.0.64

v2.0.65

v2.0.66

v2.0.67

v2.0.68

v2.0.69

v2.0.7

v2.0.70

v2.0.71

v2.0.72

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

12d7b1f51d docs: Phase 11 follow-on — fix inter-doc cross-references in deeper subdirs shankar0123 2026-05-05 03:31:05 +00:00
19c8fafe84 docs: Phase 14 — Last reviewed line sweep across docs/ shankar0123 2026-05-05 03:26:46 +00:00
426760d737 docs: Phase 13 — README rewrite to 250-line target shankar0123 2026-05-05 03:24:42 +00:00
affaa11d14 docs: Phase 12 — populate docs/README.md navigation index shankar0123 2026-05-05 03:21:53 +00:00
dca1900815 docs: Phase 11 (partial) — fix cross-references after Phase 2 moves shankar0123 2026-05-05 03:19:21 +00:00
633e440787 docs: Phase 4 (structural) — move connectors.md + 5 deep dives into reference/connectors/ shankar0123 2026-05-05 03:14:39 +00:00
cee008207b docs: delete features.md (Phase 6 disperse, content already in canonical docs) shankar0123 2026-05-05 03:09:48 +00:00
e9b15108d9 docs: split legacy-est-scep.md into two purpose-aligned docs shankar0123 2026-05-05 02:55:45 +00:00
f157c18368 docs: re-home ACME client walkthroughs under docs/migration/ shankar0123 2026-05-05 02:51:10 +00:00
b21c02a3d5 docs: archive version-specific upgrade guides shankar0123 2026-05-05 02:50:14 +00:00
3a807ae37e docs: Phase 2 mechanical file moves to subdirectory structure shankar0123 2026-05-05 02:49:28 +00:00
cda957f302 docs: Phase 2 prep — placeholder navigation index shankar0123 2026-05-05 02:48:49 +00:00
0f81c1b956 ci: re-fix CodeQL #32 + repair loadtest f5-mock build context v2.0.70 shankar0123 2026-05-04 17:26:24 +00:00
ff6ffcda1b refactor(web): drop 5 unused imports across 4 pages (CodeQL #6, #7, #8, #9) shankar0123 2026-05-04 05:31:17 +00:00
b0fc067317 security: close CodeQL #17 (log injection) + #23 (SSRF false-positive reopen) shankar0123 2026-05-04 05:29:35 +00:00
c46a6aecbc deps: upgrade go-ntlmssp v0.0.0-20221128 → v0.1.1 (Dependabot #7, CVE-2026-32952) shankar0123 2026-05-04 05:19:33 +00:00
9ef9f3cde3 refactor(scep+ejbca): drop dead conditionals on always-empty vars (CodeQL #18, #19) shankar0123 2026-05-04 05:17:16 +00:00
a00b20cc97 test(web): drop unused mock helpers in client.error.test.ts (CodeQL #3) shankar0123 2026-05-04 05:13:03 +00:00
b6a5278df1 refactor(web): drop unused imports (CodeQL #5 + #10) shankar0123 2026-05-04 05:11:23 +00:00
439905e546 refactor(scep-gui): remove unused pickTabFromQuery (CodeQL #22) shankar0123 2026-05-04 05:10:04 +00:00
2b4d0069d9 security(scep-intune): annotate verifyES256/RS256 SHA-256 as RFC-mandated (CodeQL #21 false positive) shankar0123 2026-05-04 05:08:02 +00:00
d08982fc19 security(signer): bound FileDriver paths with SafeRoot + reject .. (CodeQL #27, CWE-22) shankar0123 2026-05-04 05:04:35 +00:00
af3ca3935b ci: convert literal Unicode in headers_test.go to \u escapes (ST1018) shankar0123 2026-05-04 05:00:14 +00:00
e6919cdaba security(scep_probe): re-validate URL inside scepHTTPGet to close CodeQL #23 (CWE-918) shankar0123 2026-05-04 04:58:51 +00:00
23c593089d security(email): sanitize body fields against content injection (CodeQL #11, CWE-640) shankar0123 2026-05-04 04:56:13 +00:00
e50ba168ac docs(README): strategic refresh — surface Rank 4/5/7/8 + ACME server + cloud targets shankar0123 2026-05-04 03:58:21 +00:00
7d48bd0367 docs(intermediate-ca-hierarchy): fix stateDiagram-v2 GitHub render parse error shankar0123 2026-05-04 02:43:47 +00:00
85649cf983 docs: convert remaining ASCII diagrams to mermaid (audit closure) shankar0123 2026-05-04 02:40:01 +00:00
8908c8ff5c web, docs: IssuerHierarchyPage + sysadmin runbook + connectors row (Rank 8 commit 5) shankar0123 2026-05-04 02:33:48 +00:00
34adcfbbe5 api, handler: 4 admin-gated CA hierarchy endpoints + OpenAPI (Rank 8 commit 4) shankar0123 2026-05-04 02:26:24 +00:00
ae597f7f8d local: tree-mode chain assembly + byte-equivalence pin (Rank 8 commit 3) shankar0123 2026-05-04 02:19:00 +00:00
62523fb845 service: 10 IntermediateCAService tests + in-memory fake repo (Rank 8 commit 2.5) shankar0123 2026-05-04 02:14:24 +00:00
fb54ebcb62 service: IntermediateCAService + IntermediateCAMetrics + RFC 5280 enforcement shankar0123 2026-05-04 01:58:26 +00:00
66d2af36a7 domain, migrations: IntermediateCA type + intermediate_cas + Issuer.HierarchyMode shankar0123 2026-05-04 01:53:56 +00:00
31e50d987f ci: fix Rank 7 lint + openapi-handler-parity drift on master shankar0123 2026-05-04 01:35:30 +00:00
b601928e1c docs(approval-workflow): drop Infisical reference from operator playbook shankar0123 2026-05-04 01:18:59 +00:00
aebfd8bd7c Revert "chore: drop 'Infisical' label from internal references" shankar0123 2026-05-04 01:18:15 +00:00
19706e56b3 chore: drop 'Infisical' label from internal references shankar0123 2026-05-04 01:15:01 +00:00
03c61f4c20 scheduler, certificate, renewal: gate issuance on profile-driven approval shankar0123 2026-05-04 01:12:07 +00:00
81632eb0f3 api, handler: 4 approval endpoints + handler RBAC integration tests shankar0123 2026-05-04 01:05:16 +00:00
8043e2bbac service: ApprovalService + ApprovalMetrics + 8 table-driven tests shankar0123 2026-05-04 01:01:53 +00:00
2025275b43 domain, migrations: ApprovalRequest type + issuance_approval_requests + RequiresApproval shankar0123 2026-05-04 00:55:17 +00:00
69d4ada385 ci(release): pin run-name + release title to tag (fix ugly auto-generated titles) shankar0123 2026-05-04 00:46:31 +00:00
8b75e0311b chore: rename Go module path to github.com/certctl-io/certctl v2.0.69 shankar0123 2026-05-04 00:30:29 +00:00
2d22e08a1e release: v2.0.68 — image registry path moved to ghcr.io/certctl-io v2.0.68 shankar0123 2026-05-04 00:09:28 +00:00
cabe1aee45 docs(README): drop V3 Pro + V4 sections — everything ships free under BSL shankar0123 2026-05-03 23:56:00 +00:00
b577f6f251 fix(agent): thread ctx through createTargetConnector to satisfy contextcheck shankar0123 2026-05-03 23:46:23 +00:00
0729ee46e0 chore: sweep github.com/shankar0123/certctl URL refs to certctl-io/certctl shankar0123 2026-05-03 23:39:50 +00:00
c8eb3e0399 ci(go.mod): fix go mod tidy drift after Rank 5 cloud-target commits shankar0123 2026-05-03 23:01:08 +00:00
9a7e818f3e docs, seed: cloud-target operator runbook + AWS ACM / Azure KV demo seed rows shankar0123 2026-05-03 22:46:29 +00:00
8a56a78282 target(azurekv): SDK-driven Azure Key Vault target connector shankar0123 2026-05-03 22:43:45 +00:00
edf6bee7f8 target(awsacm): SDK-driven AWS Certificate Manager target connector shankar0123 2026-05-03 22:32:45 +00:00
109f32ff41 notifications: per-policy multi-channel expiry-alert routing shankar0123 2026-05-03 22:12:32 +00:00
022caf39b4 ci(googlecas): fix QF1002 staticcheck — tagged switch on r.URL.Path shankar0123 2026-05-03 21:32:55 +00:00
869fc8f245 docs(openssl): operator playbook for shell-out threat model shankar0123 2026-05-03 21:28:05 +00:00
0792271dc6 vault: add automatic token renewal at TTL/2 + Prometheus metric shankar0123 2026-05-03 21:24:27 +00:00
a2a59a823e googlecas, awsacmpca: add failure_test.go covering cloud-SDK error contracts shankar0123 2026-05-03 21:10:41 +00:00
b0c4ed1ae2 openssl: add failure_test.go covering 6 shell-out error modes shankar0123 2026-05-03 20:55:26 +00:00
d3bf2cc0cf vault, digicert: migrate Token / APIKey to *secret.Ref (Bundle I Phase 3) shankar0123 2026-05-03 20:49:23 +00:00
81f6321326 ejbca: port mTLS keypair to mtlscache (close Bundle M for the last issuer) shankar0123 2026-05-03 20:38:19 +00:00
39f065dda4 docs(acme-server): operator-facing reference + threat model + cert-manager walkthrough (Phase 6/7) shankar0123 2026-05-03 19:58:15 +00:00
bee47f0318 acme-server: cert-manager integration test + production hardening (Phase 5/7) shankar0123 2026-05-03 19:42:03 +00:00
9bfbac0f97 deps(web): upgrade vite ^8.0.0 → ^8.0.10 (3 Dependabot alerts) shankar0123 2026-05-03 19:18:14 +00:00
650f5a198f fix: collapse identical if/else branches in Account handler (CodeQL #25) shankar0123 2026-05-03 19:07:21 +00:00
1e1bc9b3b4 ci: fix Phase 4 post-push unused-symbol failures shankar0123 2026-05-03 19:02:44 +00:00
f6ba5634fd ci: fix Phase 4 post-push gofmt failure (map-literal alignment) shankar0123 2026-05-03 18:58:00 +00:00
4dc8d3fa5b acme-server: key rollover + revocation + ARI (Phase 4/7) shankar0123 2026-05-03 16:51:06 +00:00
62513ad12f ci: fix Phase 3 post-push CI failures (contextcheck + ST1021) shankar0123 2026-05-03 15:56:03 +00:00
9bc845304e acme-server: HTTP-01 + DNS-01 + TLS-ALPN-01 challenge validation (Phase 3/7) shankar0123 2026-05-03 14:09:00 +00:00
45fae9952a chore(deps): remove stale go-jose v4.0.4 entries from go.sum shankar0123 2026-05-03 13:51:55 +00:00
f68fd00b7b chore(deps): upgrade go-jose v4.0.4 → v4.1.4 + tidy duplicate require shankar0123 2026-05-03 13:48:57 +00:00
c351bba41a acme-server: orders + authorizations + finalize + cert download (Phase 2/7) shankar0123 2026-05-03 13:46:10 +00:00
a05a7d3dad ci: fix Phase 1b post-push CI failures (3 guards) shankar0123 2026-05-03 13:31:35 +00:00
44a85d6f85 acme-server: account resource + JWS verifier (Phase 1b/7) shankar0123 2026-05-03 13:21:56 +00:00
ec88a61274 acme-server: foundation — directory + new-nonce + per-profile routing (Phase 1a/7) shankar0123 2026-05-03 12:47:52 +00:00
b8b7e1e3dd tlsprobe: add VerifyWithExponentialBackoff + rewire all connectors' runPostDeployVerify shankar0123 2026-05-02 22:53:47 +00:00
85d247455b docs(postfix): add Mode=postfix vs Mode=dovecot decision matrix subsection shankar0123 2026-05-02 22:46:44 +00:00
b16e5b5e97 docs(ssh): operator playbook for InsecureIgnoreHostKey design choice shankar0123 2026-05-02 22:44:30 +00:00
62f0a284be iis,wincertstore: default-deadline ctx wrapper for PowerShell exec calls shankar0123 2026-05-02 22:38:35 +00:00
4142837cac iis,wincertstore,javakeystore: SHA-256 idempotency short-circuit shankar0123 2026-05-02 22:01:30 +00:00
c26cef37a1 loadtest: capture sandbox-aggregate placeholder for API-tier baseline shankar0123 2026-05-02 21:48:29 +00:00
fb88e0f8a8 docs(deployment-atomicity): K8s row honest + audit-closure rollup shankar0123 2026-05-02 20:06:24 +00:00
b8293653a5 postfix: add atomic-test variants for Mode=dovecot (happy path + verify-rollback) shankar0123 2026-05-02 19:34:58 +00:00
e292faafc6 loadtest: per-connector deploy throughput scenarios + target sidecars + README baseline section shankar0123 2026-05-02 19:28:45 +00:00
08a86d355d caddy: fix duration metric + file-mode PEM validate + api-mode idempotency shankar0123 2026-05-02 19:13:18 +00:00
eb390b2db4 javakeystore: pre-deploy export snapshot + on-import-failure rollback + argv-password operator note shankar0123 2026-05-02 19:01:06 +00:00
60ae92b0e8 wincertstore: pre-deploy snapshot + on-import-failure rollback shankar0123 2026-05-02 18:13:40 +00:00
c222c8b57a ssh: fix staticcheck ST1008 — error is last return from restoreFromBackups shankar0123 2026-05-02 17:35:45 +00:00
636de7f6b5 ssh: pre-deploy snapshot + reload-failure rollback shankar0123 2026-05-02 17:13:38 +00:00
da00ee0ca5 license: tighten BSL terms (Florida venue, full Pi Day Change Date, no contributions) shankar0123 2026-05-02 17:12:50 +00:00
30daadbe81 iis: pre-deploy binding snapshot + on-failure rollback shankar0123 2026-05-02 16:58:01 +00:00
b767f579ef traefik: refactor to single deploy.Apply Plan (all-files atomicity + rollback) shankar0123 2026-05-02 16:16:25 +00:00
febf50090b envoy: atomic SDS JSON write + post-deploy watcher pickup poll shankar0123 2026-05-02 16:08:20 +00:00
475421457f fix(test): TestBoundedFanOut_SkipsAgentRoutedDeployments race on seenIDs slice shankar0123 2026-05-02 14:34:48 +00:00
a22a1be962 globalsign,entrust: cache mTLS keypair with mtime-based reload shankar0123 2026-05-02 14:32:59 +00:00
35e18bfc56 scheduler: bound renewal concurrency via CERTCTL_RENEWAL_CONCURRENCY shankar0123 2026-05-02 14:12:30 +00:00
3a665ae6ba loadtest: add k6 harness for certctl API throughput shankar0123 2026-05-02 14:00:10 +00:00
fefa5a5fd7 acme: support serial-only revocation via local cert-version lookup shankar0123 2026-05-02 13:09:30 +00:00
2a384c690e secret: migrate EJBCA / GlobalSign / Sectigo credentials to *secret.Ref (Phase 2) shankar0123 2026-05-02 12:53:58 +00:00
0509790325 asyncpoll: refactor Sectigo / Entrust / GlobalSign to bounded polling (Phase 2) shankar0123 2026-05-02 02:41:36 +00:00

... 2 3 4 5 6 ...