CreateCertificateFromKeys will take the provided key pair and generate the associated TLS certificate.

CreateECDSACertificateKeyPair will generate a new certificate key pair using the ECDSA algorithm.

CreateECDSAKeyPair generates a new private public key pair using the ECDSA algorithm.

CreateRSACertificateKeyPair will generate a new certificate key pair using the RSA algorithm.

CreateRSAKeyPair generates a new private public key pair using the RSA algorithm.

EncodeCertificateToPEM will take the raw x509 Certificate and encode it to a pem Block struct.

EncodeECDSAPrivateKeyToPEM will take the provided ECDSA private key and encode it to a pem Block struct.

EncodePublicKeyToPEM will take the provided public key and encode it to a pem Block struct.

EncodeRSAPrivateKeyToPEM will take the provided RSA private key and encode it to a pem Block struct.

GenerateAndStoreAsK8SSecret will generate new TLS certificate key pairs and store them as Kubernetes Secret resources.

LoadCertificate will load a Certificate object from the provided path, assuming it holds a certificate encoded in PEM.

LoadECDSAPrivateKey will load a private key object from the provided path, assuming it holds a certificate encoded in PEM.

LoadRSAPrivateKey will load a private key object from the provided path, assuming it holds a certificate encoded in PEM.

NewPrivateKeyPEMBlock will create the pem Block struct with the provided data.

StoreCertificate will take the provided certificate, encode it to pem, and store it on disk at the specified path.

StoreCertificateKeyPairAsKubernetesSecret will store the provided certificate key pair (which is available in the local file system) in the Kubernetes cluster as a secret.

StoreECDSAPrivateKey takes the given ECDSA private key, encode it to pem, and store it on disk at the specified path.

StoreECDSAPublicKey takes the given ECDSA public key, encode it to pem, and store it on disk at the specified path.

StorePEM will take the pem block and store it to disk.

StoreRSAPrivateKey takes the given RSA private key, encode it to pem, and store it on disk at the specified path.

StoreRSAPublicKey takes the given RSA public key, encode it to pem, and store it on disk at the specified path.

Private key algorithms.

We force users to use at least 2048 bits for RSA, as anything less is cryptographically insecure (since they have been cracked).

Elliptic curves.

List of known curves we support for ECDSA private key algorithm.

Valid private key algorithms we support in this library.

CertificateKeyPairPath represents the path where the certificate key pair resides.

RSABitsTooLow is returned when the requested RSA key length is too low.

TLSECDSACertificateKeyPair represents the certificate key pair generated using the ECDSA algorithm.

TLSOptions is a convenient struct to capture all the options needed for generating a TLS certificate key pair.

TLSRSACertificateKeyPair represents the certificate key pair generated using the RSA algorithm.

UnknownECDSACurveError is returned when an unknown ecdsa curve is requested.

UnknownPrivateKeyAlgorithm is returned when the provided algorithm is unknown or unsupported.