Skip to content

claasd/azlet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
azlet
azlet
 
 
function
function
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
publish.bat
publish.bat
 
 
readme.md
readme.md
 
 
setup.py
setup.py
 
 

Repository files navigation

azlet : Azure lets encrypt library

PyPI - License PyPI PyPI - Python Version

  • azlet creates SSL certificates using letsencrypt and stores them in a key vault as certificate.
  • The keyvault then can be used by azure APIM, Functions or Webservices to consume the certificates.
  • You can create new certificates, or rotate existing certificates.
  • to use azlet, you need an azure key vault an an azure DNS.
  • azlet uses azure identity to access the key vault as well as the azure dns server. You can use your identity from azure cli, managed identity or enviromnent variables.
  • azlet creates an account with letsencrypt, making sure all requests come from the same account. The account is stored in the key vault as secret.
  • azlet uses the sewer library to create certificates.

Usage

the identity that uses azlet must have secret get/set permissions as well as certificate get/list/update/create/import permissions on the key vault.

create a new certificate:

python -m azlet create --keyvault-name my-vault --dns-zone dns.zone.com --dns-subscription 11111111-1111-1111-1111-11111111111" --dns-resource-group dns --prefix test

create new certificates for all certificates that are valid less that 14 days:

python -m azlet rotate --keyvault-name my-vault --dns-zone dns.zone.com --dns-subscription 11111111-1111-1111-1111-11111111111" --dns-resource-group dns

see python -m azlet -h fro a full list of commands.

Azure Function for auto-rotation

infrastructure

In templates there are bicep templates that create a python azure function. Use function.bicep if you aready have a dns-zone and an key-vault. If you have nothing, you can use all.bicep. Example:

az deployment group create -g rg-dns -f templates/deploy-function.bicep --parameters keyVaultName=kv-my-keyvault dnsZoneName=test.org functionName=func-my-cert-rotation

This will create the azure function with a managed identity, give the function identity access to the keyvault and add the function identity as zone contributor to the DNS zone.

function

if function there is a python function that calls the rotate operation every night using a timer-trigger. Deploy it to your function using the following command (inside the function folder):

func azure functionapp publish func-my-cert-rotation --python

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages