Add .env and README

2025-02-28 21:48:08 +01:00 · 2025-02-28 21:48:08 +01:00 · 5a0330f70d
commit 5a0330f70d
parent 696867a82f
3 changed files with 89 additions and 26 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.env
--- a/README.md
+++ b/README.md
@ -1,2 +1,58 @@
-# certman
+# Certwarden Certificate Management

+A bash script for managing SSL/TLS certificates through the Certwarden API. This tool provides a simple interface for downloading, installing, and managing certificates on your system.
+
+## Features
+
+- Download certificates and private keys from Certwarden server
+- Automatic installation with proper permissions
+- List installed certificates
+- Check certificate expiration dates
+- Interactive menu-driven interface
+- Automated mode support through environment variables
+
+## Prerequisites
+
+The script requires the following dependencies:
+- `curl`: For API interactions
+- `jq`: For JSON processing
+- `openssl`: For certificate operations
+
+## Installation
+
+1. Clone this repository:
+```bash
+git clone <repository-url>
+cd certman
+```
+
+2. Make the script executable:
+```bash
+chmod +x certman.sh
+```
+
+
+3. Create a `.env` file with your configuration:
+```bash
+CERTWARDEN_SERVER="certwarden.dmz.skyfritt.net"
+API_KEY=""
+
+CERT_NAME="$(hostname).crt" # defaults to hostname
+CERT_PATH="/etc/ssl/certs"
+KEY_PATH="/etc/ssl/private"
+
+AUTO_MODE="false"
+TEMP_PATH="/tmp/cert_temp"
+```
+
+### Environment Variables Explained
+
+| Variable | Description | Default Value | Required |
+|----------|-------------|---------------|----------|
+| CERTWARDEN_SERVER | Certwarden API server hostname | certwarden.dmz.skyfritt.net | Yes |
+| API_KEY | Your Certwarden API key | Empty | Yes for auto mode |
+| CERT_NAME | Certificate name to manage | $(hostname).crt | Yes |
+| CERT_PATH | Directory for certificate storage | /etc/ssl/certs | Yes |
+| KEY_PATH | Directory for private key storage | /etc/ssl/private | Yes |
+| AUTO_MODE | Enable automated operation | false | No |
+| TEMP_PATH | Temporary directory for downloads | /tmp/cert_temp | Yes |
--- a/certman.sh
+++ b/certman.sh
@ -1,21 +1,16 @@
 #!/bin/bash

-# Certificate Management Script for Certwarden
-# Version: 1.0
+if [ -f .env ]; then
+    source .env
+else
+    echo "No .env file found."
+fi

-# Configuration
-CERTWARDEN_SERVER="your-certwarden-server.com"
-CERT_PATH="/etc/ssl/certs"
-KEY_PATH="/etc/ssl/private"
-TEMP_PATH="/tmp/cert_temp"
-
-# Color codes for output
 GREEN='\033[0;32m'
 RED='\033[0;31m'
 BLUE='\033[0;34m'
 NC='\033[0m' # No Color

-# Function to check if required commands exist
 check_requirements() {
    local required_commands=("curl" "jq")
    for cmd in "${required_commands[@]}"; do
@ -27,7 +22,6 @@ check_requirements() {
    done
 }

-# Function to validate API key format
 validate_api_key() {
    local api_key=$1
    if [[ ! $api_key =~ ^[A-Za-z0-9_-]{32,}$ ]]; then
@ -36,16 +30,13 @@ validate_api_key() {
    return 0
 }

-# Function to create directories if they don't exist
 setup_directories() {
-    mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH"
-    if [ $? -ne 0 ]; then
+    if ! mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH"; then
        echo -e "${RED}Error: Failed to create required directories${NC}"
        exit 1
    fi
 }

-# Function to download certificate and key
 download_certificate() {
    local cert_name=$1
    local api_key=$2
@ -75,7 +66,6 @@ download_certificate() {
    return 0
 }

-# Function to install certificate and key
 install_certificate() {
    local cert_name=$1

@ -83,11 +73,11 @@ install_certificate() {
    if sudo mv "$TEMP_PATH/$cert_name.crt" "$CERT_PATH/" && \
       sudo mv "$TEMP_PATH/$cert_name.key" "$KEY_PATH/"; then
        echo -e "${GREEN}Certificate and key installed successfully${NC}"
-        
+
        # Set appropriate permissions
        sudo chmod 644 "$CERT_PATH/$cert_name.crt"
        sudo chmod 600 "$KEY_PATH/$cert_name.key"
-        
+
        return 0
    else
        echo -e "${RED}Failed to install certificate and key${NC}"
@ -97,27 +87,43 @@ install_certificate() {

 # Main menu function
 main_menu() {
+    # If in auto mode and we have cert name and API key, process automatically
+    if [ "$AUTO_MODE" = "true" ] && [ -n "$CERT_NAME" ] && [ -n "$API_KEY" ]; then
+        if validate_api_key "$API_KEY"; then
+            if download_certificate "$CERT_NAME" "$API_KEY"; then
+                install_certificate "$CERT_NAME"
+            fi
+        else
+            echo -e "${RED}Invalid API key format in .env file${NC}"
+        fi
+        exit 0
+    fi
+
    while true; do
        echo -e "\n${BLUE}Certwarden Certificate Management${NC}"
        echo "1. Download and install new certificate"
        echo "2. List installed certificates"
        echo "3. Check certificate expiration"
        echo "4. Exit"
-        
-        read -p "Select an option (1-4): " choice
+
+        read -r -p "Select an option (1-4): " choice

        case $choice in
            1)
-                read -p "Enter certificate name: " cert_name
-                read -p "Enter API key: " api_key
+                if [ -z "$CERT_NAME" ]; then
+                    read -r -p "Enter certificate name: " CERT_NAME
+                fi
+                if [ -z "$API_KEY" ]; then
+                    read -r -p "Enter API key: " API_KEY
+                fi

-                if ! validate_api_key "$api_key"; then
+                if ! validate_api_key "$API_KEY"; then
                    echo -e "${RED}Invalid API key format${NC}"
                    continue
                fi

-                if download_certificate "$cert_name" "$api_key"; then
-                    install_certificate "$cert_name"
+                if download_certificate "$CERT_NAME" "$API_KEY"; then
+                    install_certificate "$CERT_NAME"
                fi
                ;;
            2)