| Name | anchor-pki JSON |
| Version |
0.3.0
JSON |
| download |
| home_page | https://anchor.dev |
| Summary | Client library for Anchor PKI. See https://anchor.dev/ for details' |
| upload_time | 2024-01-08 16:12:26 |
| maintainer | |
| docs_url | None |
| author | Anchor |
| requires_python | >=3.9,<4.0 |
| license | MIT |
| keywords |
anchor
pki
acme
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# Anchor
Python client for Anchor PKI. See https://anchor.dev/ for details
## Configuration
The Following environment variables are available to configure the default
[`AutoCert::Manager`](./src/anchor-pki/autocert/manager.py).
* `HTTPS_PORT` - the TCP numerical port to bind SSL to.
* `ACME_ALLOW_IDENTIFIERS` - A comma separated list of hostnames for provisioning certs
* `ACME_DIRECTORY_URL` - the ACME provider's directory
* `ACME_KID` - your External Account Binding (EAB) KID for authenticating with the ACME directory above with an
* `ACME_HMAC_KEY` - your EAB HMAC_KEY for authenticating with the ACME directory above
* `ACME_RENEW_BEFORE_SECONDS` - **optional** Start a renewal this number number of seconds before the cert expires. This defaults to 30 days (2592000 seconds)
* `ACME_RENEW_BEFORE_FRACTION` - **optional** Start the renewal when this fraction of a certificate's valid window is left. This defaults to 0.5, which means when the cert is in the last 50% of its lifespan a renewal is attempted.
* `AUTO_CERT_CHECK_EVERY` - **optional** the number of seconds to wait between checking if the certificate has expired. This defaults to 1 hour (3600 seconds)
If both `ACME_RENEW_BEFORE_SECONDS` and `ACME_RENEW_BEFORE_FRACTION` are set,
the one that causes the renewal to take place earlier is used.
Example:
* Cert start (not_before) moment is : `2023-05-24 20:53:11 UTC`
* Cert expiration (not_after) moment is : `2023-06-21 20:53:10 UTC`
* `ACME_RENEW_BEFORE_SECONDS` is `1209600` (14 days)
* `ACME_RENEW_BEFORE_FRACTION` is `0.25` - which equates to a before seconds value of `604799` (~7 days)
The possible moments to start renewing are:
* 14 days before expiration moment - `2023-06-07 20:53:10 UTC`
* when 25% of the valid time is left - `2023-06-14 20:53:11 UTC`
Currently the `AutoCert::Manager` will use whichever is earlier.
### Example configuration
```sh
HTTPS_PORT=44300
ACME_ALLOW_IDENTIFIERS=my.lcl.host,*.my.lcl.host
ACME_DIRECTORY_URL=https://acme-v02.api.letsencrypt.org/directory
ACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
## Notes
The HTTP User Agent for the anchor-autocert client is
`anchor-pki autocert python client v{VERSION}`
## Development
Development and distribution is facilitated with poetry.
- lint the project - 2 steps:
- `poetry run black ./`
- `poetry run pylint ./src/anchor_pki`
- run tests `poetry run pytest tests/`
- run tests with coverage `poetry run pytest --cov-report=term-missing --cov=./src/anchor_pki/ tests/`
- build `poetry build`
Development assumes a `.env` file at the root of the python module.
Currently the only required items in it are:
```
ACME_KID=...
ACME_HMAC_KEY=...
VCR_RECORD_MODE=none # set to have new tests record new cassets
```
**To re-record all cassettes**
Make sure the `ACME_KID` and `ACME_HMAC_KEY` values in the
[`tests/anchor_pki/autocert/test_manager.py`](tests/anchor_pki/autocert/test_manager.py)
is kept in sync with the values in the `.env` file when re-recording the
cassettes as the values will need to be available during CI to match the
cassette data.
Update the `.env` file with:
```
VCR_RECORD_MODE=all
```
Then update the value for `vcr_recorded_at` in `tests/anchor_pki/autocert/test_manager.py`
to be sometime after the cassettes were recorded but before the certificates expire.
## License
The python packages is available as open source under the terms of the [MIT
License](./LICENSE.txt)
Raw data
{
"_id": null,
"home_page": "https://anchor.dev",
"name": "anchor-pki",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.9,<4.0",
"maintainer_email": "",
"keywords": "anchor,pki,acme",
"author": "Anchor",
"author_email": "support@anchor.dev",
"download_url": "https://files.pythonhosted.org/packages/c2/62/6054c09ceaf6059e429848784ffac43a630595a204ac6ab773ab19869522/anchor_pki-0.3.0.tar.gz",
"platform": null,
"description": "# Anchor\n\nPython client for Anchor PKI. See https://anchor.dev/ for details\n\n## Configuration\n\nThe Following environment variables are available to configure the default\n[`AutoCert::Manager`](./src/anchor-pki/autocert/manager.py).\n\n* `HTTPS_PORT` - the TCP numerical port to bind SSL to.\n* `ACME_ALLOW_IDENTIFIERS` - A comma separated list of hostnames for provisioning certs\n* `ACME_DIRECTORY_URL` - the ACME provider's directory\n* `ACME_KID` - your External Account Binding (EAB) KID for authenticating with the ACME directory above with an\n* `ACME_HMAC_KEY` - your EAB HMAC_KEY for authenticating with the ACME directory above\n* `ACME_RENEW_BEFORE_SECONDS` - **optional** Start a renewal this number number of seconds before the cert expires. This defaults to 30 days (2592000 seconds)\n* `ACME_RENEW_BEFORE_FRACTION` - **optional** Start the renewal when this fraction of a certificate's valid window is left. This defaults to 0.5, which means when the cert is in the last 50% of its lifespan a renewal is attempted.\n* `AUTO_CERT_CHECK_EVERY` - **optional** the number of seconds to wait between checking if the certificate has expired. This defaults to 1 hour (3600 seconds)\n\nIf both `ACME_RENEW_BEFORE_SECONDS` and `ACME_RENEW_BEFORE_FRACTION` are set,\nthe one that causes the renewal to take place earlier is used.\n\nExample:\n\n* Cert start (not_before) moment is : `2023-05-24 20:53:11 UTC`\n* Cert expiration (not_after) moment is : `2023-06-21 20:53:10 UTC`\n* `ACME_RENEW_BEFORE_SECONDS` is `1209600` (14 days)\n* `ACME_RENEW_BEFORE_FRACTION` is `0.25` - which equates to a before seconds value of `604799` (~7 days)\n\nThe possible moments to start renewing are:\n\n* 14 days before expiration moment - `2023-06-07 20:53:10 UTC`\n* when 25% of the valid time is left - `2023-06-14 20:53:11 UTC`\n\nCurrently the `AutoCert::Manager` will use whichever is earlier.\n\n### Example configuration\n\n```sh\nHTTPS_PORT=44300\nACME_ALLOW_IDENTIFIERS=my.lcl.host,*.my.lcl.host\nACME_DIRECTORY_URL=https://acme-v02.api.letsencrypt.org/directory\nACME_KID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\nACME_HMAC_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\n```\n\n## Notes\n\nThe HTTP User Agent for the anchor-autocert client is\n\n`anchor-pki autocert python client v{VERSION}`\n## Development\n\nDevelopment and distribution is facilitated with poetry. \n\n- lint the project - 2 steps:\n - `poetry run black ./`\n - `poetry run pylint ./src/anchor_pki`\n- run tests `poetry run pytest tests/`\n- run tests with coverage `poetry run pytest --cov-report=term-missing --cov=./src/anchor_pki/ tests/`\n- build `poetry build`\n\nDevelopment assumes a `.env` file at the root of the python module.\nCurrently the only required items in it are:\n\n```\nACME_KID=...\nACME_HMAC_KEY=...\nVCR_RECORD_MODE=none # set to have new tests record new cassets\n```\n\n**To re-record all cassettes**\nMake sure the `ACME_KID` and `ACME_HMAC_KEY` values in the\n[`tests/anchor_pki/autocert/test_manager.py`](tests/anchor_pki/autocert/test_manager.py)\nis kept in sync with the values in the `.env` file when re-recording the\ncassettes as the values will need to be available during CI to match the\ncassette data.\n\nUpdate the `.env` file with:\n\n```\nVCR_RECORD_MODE=all\n```\n\nThen update the value for `vcr_recorded_at` in `tests/anchor_pki/autocert/test_manager.py`\nto be sometime after the cassettes were recorded but before the certificates expire.\n\n## License\n\nThe python packages is available as open source under the terms of the [MIT\nLicense](./LICENSE.txt)\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Client library for Anchor PKI. See https://anchor.dev/ for details'",
"version": "0.3.0",
"project_urls": {
"Homepage": "https://anchor.dev"
},
"split_keywords": [
"anchor",
"pki",
"acme"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a804b6d5716f9094f1d07aab6561cce787fea67caedfbc1a6ea4a29ba4446b88",
"md5": "4a4fee9a680706506de356ed0ea65680",
"sha256": "4eb58452a9c3d3d2494dbcf064b785430873ca8d8f5d68c2dc0f2d76cd6cb0ca"
},
"downloads": -1,
"filename": "anchor_pki-0.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "4a4fee9a680706506de356ed0ea65680",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9,<4.0",
"size": 16422,
"upload_time": "2024-01-08T16:12:25",
"upload_time_iso_8601": "2024-01-08T16:12:25.295946Z",
"url": "https://files.pythonhosted.org/packages/a8/04/b6d5716f9094f1d07aab6561cce787fea67caedfbc1a6ea4a29ba4446b88/anchor_pki-0.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c2626054c09ceaf6059e429848784ffac43a630595a204ac6ab773ab19869522",
"md5": "768425d8660ec953fc1fbdf536d189ed",
"sha256": "3374df8691f1795826e90e6b158f6d3dd6b04e8085ae2d8ee732072082b5b483"
},
"downloads": -1,
"filename": "anchor_pki-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "768425d8660ec953fc1fbdf536d189ed",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9,<4.0",
"size": 14583,
"upload_time": "2024-01-08T16:12:26",
"upload_time_iso_8601": "2024-01-08T16:12:26.290921Z",
"url": "https://files.pythonhosted.org/packages/c2/62/6054c09ceaf6059e429848784ffac43a630595a204ac6ab773ab19869522/anchor_pki-0.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-01-08 16:12:26",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "anchor-pki"
}
