/symbios

The easy ephemeral Public Key infrastructure (PKI)

Primary language: Go. License: MIT.

Symbios

Symbios is an X.509 identity provisioning service designed to simplify mutual TLS authentication for microservices deployed in containers. This project helps you provision your PKI as easily as you provision containers and exposes an API for integration with your existing scheduling / deployment infrastructure.

Symbios accomplishes this without distribution or centralized management of secrets!

Symbios is the result of a fork of Pollendina, #2 at DockerCon Hackathon 2015.

The name Symbios comes from the symbiotic relationship between containers exchanging data over SSL/TLS.

Protocol

Protocol details

Usage

Setup (Create a CA container)

Install symbios on your local machine:

go get github.com/dnascimento/symbios
go install github.com/dnascimento/symbios/src/symbios

Create user keys:

symbios new-user

Launch the CA container, injecting the obtained key as an environment variable:

docker run -i -t --name ca -e "SYM_USER_KEY=<key obtained previously>" symbios/ca bash

Get the Certificate Authority root-certificate fingerprint:

docker run -i -t --link ca:ca symbios/base symbios ca-hash --host ca | tee fingerprint

Keep the fingerprint file. It authenticates the certificate authority that you launched.

Add new container

Generate a token:

symbios new-token -key id_rsa 

Launch a new container, injecting the token:

docker run -i -t --link ca:ca -e "SYM_TOKEN=<token obtained previously>" -e "SYM_CA_HASH=<fingerprint file content>" -e "SYM_CA_HOST=ca" symbios/container bash
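
The fingerprint passed as SYM_CA_HASH is what lets a new container authenticate the CA before trusting anything it serves. The following Go code is an added example, not Symbios code, showing that pinning check; it assumes the fingerprint is a hex SHA-256 over the root certificate's DER bytes (the page does not say which digest symbios ca-hash uses), and Fingerprint, VerifyPinnedCA and NewSampleCA are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Fingerprint: hex SHA-256 over the DER bytes (assumed; the page does not name the digest).
func Fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// VerifyPinnedCA rejects the offered root unless it is a CA cert matching the pinned value.
func VerifyPinnedCA(der []byte, pinned string) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return fmt.Errorf("parse root certificate: %w", err)
	}
	want := strings.ToLower(strings.TrimSpace(pinned)) // a file written via tee ends in a newline
	if !cert.IsCA || subtle.ConstantTimeCompare([]byte(Fingerprint(der)), []byte(want)) != 1 {
		return fmt.Errorf("untrusted CA certificate %q", cert.Subject.CommonName)
	}
	return nil
}

// NewSampleCA builds a throwaway self-signed root (constructed sample input).
func NewSampleCA(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, _ := NewSampleCA("sample-ca")
	fmt.Println("verify error:", VerifyPinnedCA(der, Fingerprint(der)+"\n"))
}
```

A root certificate that fails this check should never be added to the container's trust store, since any host answering as "ca" could otherwise issue identities.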

Contributors

Waiting for you!

Kudos

Hackathon Pollendina Contributors