diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/README.md b/README.md
index ac7a7de..e2c3de3 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,58 @@ -# certman +# Certwarden Certificate Management +A bash script for managing SSL/TLS certificates through the Certwarden API. This tool provides a simple interface for downloading, installing, and managing certificates on your system. + +## Features + +- Download certificates and private keys from Certwarden server +- Automatic installation with proper permissions +- List installed certificates +- Check certificate expiration dates +- Interactive menu-driven interface +- Automated mode support through environment variables + +## Prerequisites + +The script requires the following dependencies: +- `curl`: For API interactions +- `jq`: For JSON processing +- `openssl`: For certificate operations + +## Installation + +1. Clone this repository: +```bash +git clone +cd certman +``` + +2. Make the script executable: +```bash +chmod +x certman.sh +``` + + +3. Create a `.env` file with your configuration: +```bash +CERTWARDEN_SERVER="certwarden.dmz.skyfritt.net" +API_KEY="" + +CERT_NAME="$(hostname).crt" # defaults to hostname +CERT_PATH="/etc/ssl/certs" +KEY_PATH="/etc/ssl/private" + +AUTO_MODE="false" +TEMP_PATH="/tmp/cert_temp" +``` + +### Environment Variables Explained + +| Variable | Description | Default Value | Required | +|----------|-------------|---------------|----------| +| CERTWARDEN_SERVER | Certwarden API server hostname | certwarden.dmz.skyfritt.net | Yes | +| API_KEY | Your Certwarden API key | Empty | Yes for auto mode | +| CERT_NAME | Certificate name to manage | $(hostname).crt | Yes | +| CERT_PATH | Directory for certificate storage | /etc/ssl/certs | Yes | +| KEY_PATH | Directory for private key storage | /etc/ssl/private | Yes | +| AUTO_MODE | Enable automated operation | false | No | +| TEMP_PATH | Temporary directory for downloads | /tmp/cert_temp | Yes | diff --git a/certman.sh b/certman.sh index f403c6e..96cf004 100644 --- a/certman.sh +++ b/certman.sh 
@@ -1,21 +1,16 @@ #!/bin/bash -# Certificate Management Script for Certwarden -# Version: 1.0 +if [ -f .env ]; then + source .env +else + echo "No .env file found." +fi -# Configuration -CERTWARDEN_SERVER="your-certwarden-server.com" -CERT_PATH="/etc/ssl/certs" -KEY_PATH="/etc/ssl/private" -TEMP_PATH="/tmp/cert_temp" - -# Color codes for output GREEN='\033[0;32m' RED='\033[0;31m' BLUE='\033[0;34m' NC='\033[0m' # No Color -# Function to check if required commands exist check_requirements() { local required_commands=("curl" "jq") for cmd in "${required_commands[@]}"; do @@ -27,7 +22,6 @@ check_requirements() { done } -# Function to validate API key format validate_api_key() { local api_key=$1 if [[ ! $api_key =~ ^[A-Za-z0-9_-]{32,}$ ]]; then @@ -36,16 +30,13 @@ validate_api_key() { return 0 } -# Function to create directories if they don't exist setup_directories() { - mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH" - if [ $? -ne 0 ]; then + if ! mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH"; then echo -e "${RED}Error: Failed to create required directories${NC}" exit 1 fi } -# Function to download certificate and key download_certificate() { local cert_name=$1 local api_key=$2 @@ -75,7 +66,6 @@ download_certificate() { return 0 } -# Function to install certificate and key install_certificate() { local cert_name=$1 @@ -83,11 +73,11 @@ install_certificate() { if sudo mv "$TEMP_PATH/$cert_name.crt" "$CERT_PATH/" && \ sudo mv "$TEMP_PATH/$cert_name.key" "$KEY_PATH/"; then echo -e "${GREEN}Certificate and key installed successfully${NC}" - + # Set appropriate permissions sudo chmod 644 "$CERT_PATH/$cert_name.crt" sudo chmod 600 "$KEY_PATH/$cert_name.key" - + return 0 else echo -e "${RED}Failed to install certificate and key${NC}" 
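Review bot: The new `.env` block at the top of certman.sh resolves the file against the caller's working directory and keeps running when it is missing, even though this commit also deletes the built-in `CERT_PATH`, `KEY_PATH` and `TEMP_PATH` defaults. `source` executes whatever that file contains and the script later calls `sudo`, so the file should be loaded from a fixed location next to the script, for example `source "$(dirname -- "${BASH_SOURCE[0]}")/.env"`, and should not be writable by other users. In the `else` branch, send the message to stderr and stop with `exit 1`; otherwise the empty variables turn `"$TEMP_PATH/$cert_name.key"` into a path directly under `/`. Since the file now holds `API_KEY`, a comment above the block such as `# .env holds the API key: keep it mode 600 and out of version control` would help the next maintainer.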
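Review bot: In setup_directories, `mkdir -p "$TEMP_PATH"` succeeds without complaint when the directory already exists, and the README in this commit sets `TEMP_PATH="/tmp/cert_temp"`, a fixed name in a world-writable directory. install_certificate moves `$TEMP_PATH/$cert_name.key` out of it with `sudo`, so the private key appears to be staged in a location that another local account could have created beforehand (the body of download_certificate is outside these hunks, so where the key is written is inferred). Creating the staging directory per run avoids this: `TEMP_PATH=$(mktemp -d) || exit 1` followed by `trap 'rm -rf -- "$TEMP_PATH"' EXIT`, with `umask 077` set before the download so the key is never group- or world-readable.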
@@ -97,27 +87,43 @@ install_certificate() { # Main menu function main_menu() { + # If in auto mode and we have cert name and API key, process automatically + if [ "$AUTO_MODE" = "true" ] && [ -n "$CERT_NAME" ] && [ -n "$API_KEY" ]; then + if validate_api_key "$API_KEY"; then + if download_certificate "$CERT_NAME" "$API_KEY"; then + install_certificate "$CERT_NAME" + fi + else + echo -e "${RED}Invalid API key format in .env file${NC}" + fi + exit 0 + fi + while true; do echo -e "\n${BLUE}Certwarden Certificate Management${NC}" echo "1. Download and install new certificate" echo "2. List installed certificates" echo "3. Check certificate expiration" echo "4. Exit" - - read -p "Select an option (1-4): " choice + + read -r -p "Select an option (1-4): " choice case $choice in 1) - read -p "Enter certificate name: " cert_name - read -p "Enter API key: " api_key + if [ -z "$CERT_NAME" ]; then + read -r -p "Enter certificate name: " CERT_NAME + fi + if [ -z "$API_KEY" ]; then + read -r -p "Enter API key: " API_KEY + fi - if ! validate_api_key "$api_key"; then + if ! validate_api_key "$API_KEY"; then echo -e "${RED}Invalid API key format${NC}" continue fi - if download_certificate "$cert_name" "$api_key"; then - install_certificate "$cert_name" + if download_certificate "$CERT_NAME" "$API_KEY"; then + install_certificate "$CERT_NAME" fi ;; 2)
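Review bot: The auto-mode branch at the top of main_menu ends in `exit 0` on every path, so an unattended run reports success when the API key is rejected or the download fails, and a missed renewal goes unnoticed until the certificate expires. Exit non-zero on each failure, as in the excerpt below (this assumes install_certificate returns non-zero on failure; the end of its `else` branch is outside the earlier hunk). In option 1 the prompts are now skipped whenever `CERT_NAME` or `API_KEY` is already set, so a mistyped key is never asked for again: add `API_KEY=""` before the `continue`, and read the key with `read -r -s -p "Enter API key: " API_KEY` so it is not echoed to the terminal. The README's sample `CERT_NAME="$(hostname).crt"` also looks wrong against this code, because install_certificate appends `.crt` and `.key` to the name itself. main_menu continues past the end of the hunk.

```shell
    if [ "$AUTO_MODE" = "true" ] && [ -n "$CERT_NAME" ] && [ -n "$API_KEY" ]; then
        if ! validate_api_key "$API_KEY"; then
            echo -e "${RED}Invalid API key format in .env file${NC}" >&2
            exit 1
        fi
        download_certificate "$CERT_NAME" "$API_KEY" || exit 1
        install_certificate "$CERT_NAME" || exit 1
        exit 0
    fi
    # … unchanged: interactive menu loop …
```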