/identity

Identity management library for the OpenZiti project

Primary LanguageGoApache License 2.0Apache-2.0

Ziti Identity library

This library is an attempt to normalize identity configuration for various ziti components.

Configuration

It is expected that identity configuration is stored in JSON format and mapped to identity.IdentityConfig type

{
    "id": {
        "key": "file://{path}",
        "cert": "file://{path}",
        "server_cert": "file://{path}" // optional
        "ca": "file://{path}" // optional
    }
}

It allows different ways of specifying private keys and certificates

Keys

  • from file "key": "file://{path to key PEM file}", or "key": "{path to key PEM file}". Note, latter version supports relative paths
  • inline "key": "pem:------BEGIN EC PRIVATE KEY-----...."
  • engine for HW token support "key": "engine:{engine_id}?{engine options}"

Certificates

Applied to both ID/client and server certificates, as well as CA bundle config

  • from file "cert": "file://{path to cert PEM file}", or "server_cert": "{path to key PEM file}". Note, latter version supports relative paths
  • inline "cert": "pem:------BEGIN CERTIFICATE-----...."

Usage

Once IdentityConfig is loaded, it could be used to acquire actual TLS credentials

idCfg := cfg.ID // load config from somewhere
id, err := identity.LoadIdentity(idCfg)

cltCert = id.Cert() // tls.Certificate