by stanleydrew on 5/18/24, 8:11 PM with 7 comments
Anyway I got tired of having these CA private keys on my local machine, especially as I started thinking about setting up a private CA for my company (https://riza.io). So I started thinking about what the simplest way to host a private CA might be.
You really only need two things: 1) secret storage, to hold the CA's private key, and 2) a computer with access to the secret that can run openssl.
It turns out that a GitHub repository has secret storage, and GitHub Actions provides a computer with access to that secret storage which can run openssl.
So I made a GitHub repo with a stupid-simple workflow and a couple of convenience shell scripts to use as a private CA. I've already used it as a template repo to host private CAs for my projects, and thought it might be useful to others.
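The two ingredients named in the post above (a stored CA key and a machine that can run openssl) can be sketched as follows. This is an added example, not part of the original post and not the repository's own scripts; the variable name `CA_KEY_PEM`, the function names, and the subject names are assumptions, and the CA and CSR are throwaway values constructed inline.

```shell
#!/bin/sh
# Added example. CA_KEY_PEM is an assumed variable name: in a workflow it would be
# mapped from a repository secret; here a throwaway key is generated locally.

# sign_csr <csr> <ca-cert> <out-cert> <days>
sign_csr() {
    [ -n "${CA_KEY_PEM:-}" ] || { echo "CA_KEY_PEM is not set" >&2; return 1; }
    keyfile=$(mktemp) || return 1            # mktemp creates the file mode 0600
    printf '%s\n' "$CA_KEY_PEM" > "$keyfile"
    # x509 -req checks the CSR's self-signature before signing it with the CA key.
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$keyfile" \
        -CAcreateserial -days "$4" -sha256 -out "$3"
    status=$?
    rm -f "$keyfile"                         # key material does not outlive the call
    return $status
}

# Constructed round trip: make a test CA and a CSR, sign, then verify the chain.
demo_roundtrip() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Example Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" -days 1 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=service.internal.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    CA_KEY_PEM=$(cat "$d/ca.key"); export CA_KEY_PEM
    rm -f "$d/ca.key"                        # the key now exists only in the variable
    sign_csr "$d/leaf.csr" "$d/ca.crt" "$d/leaf.crt" 30 2>/dev/null &&
        openssl verify -CAfile "$d/ca.crt" "$d/leaf.crt" >/dev/null 2>&1
    rc=$?
    rm -rf "$d"
    unset CA_KEY_PEM
    return $rc
}

demo_roundtrip && echo "leaf certificate chains to the test CA"
```

Anyone who can change the workflow or push to the branch it runs on can make the runner use the key, so the access controls on the repository are the access controls on the CA.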
by brirec on 5/18/24, 9:50 PM
I did something similar in the past for a self-hosted workflow, but this looks a lot more well put-together, and honestly I never thought about using a git repository for a PKI even though it’s really perfect for one.
Edit: what I did in particular was automating easy-rsa to manage a PKI.
I wonder if using easy-rsa via GitHub Actions would make sense over the shell scripts here. I didn’t look at them yet, but easy-rsa basically is a handful of shell scripts to run a local PKI. I think it originates with the OpenVPN project, but it’s flexible enough to use it for anything.
by adontz on 5/18/24, 9:45 PM
by rurban on 5/19/24, 6:21 AM