tlsbootstrap

package
v0.2.0-beta.3
Warning

This package is not in the latest version of its module.

Published: May 3, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package tlsbootstrap provides zero-friction self-signed certificate generation for development and internal deployments.

It is NOT intended for production: self-signed certs trigger client trust warnings, and operators should prefer TLS_CERT_FILE/TLS_KEY_FILE backed by a real CA (Let's Encrypt, internal PKI, cert-manager, etc.) for anything internet-facing.

Constants

This section is empty.

Variables

This section is empty.

Functions

func EnsureSelfSignedCert

func EnsureSelfSignedCert(cacheDir string) (certPath, keyPath string, err error)

EnsureSelfSignedCert creates (or loads if valid) a self-signed cert pair cached under cacheDir. It returns absolute paths to the cert.pem and key.pem files that can be passed directly to http.Server.ListenAndServeTLS / credentials.NewServerTLSFromFile.

The generated certificate has:

  • ECDSA P-256 key (fast, widely supported, HTTP/2 + gRPC compatible).
  • 10-year validity (self-signed, rotated by deleting the cache dir).
  • CN=otelcontext, self-CA (IsCA=true) so clients can pin this cert.
  • SANs: localhost, the OS hostname (best-effort), and IPs 127.0.0.1, ::1.
  • ExtKeyUsage: ServerAuth + ClientAuth (covers gRPC + HTTP server use).

On the first invocation, a loud INFO log is emitted reminding the operator this is a development-mode cert. Subsequent invocations that reuse a valid cached cert log at DEBUG only.
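The certificate profile above says clients can pin this cert. The following is an added example, not code from the tlsbootstrap package, showing what that pinning looks like on the client side with Go's standard library. The names `must`, `sampleCert` and `verifyPinned` are hypothetical, and the certificate is a constructed stand-in built from the documented profile (serial number constructed, OS hostname SAN omitted); in real use the pin would be read from the returned cert.pem path.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T { // fixture helper: abort on setup errors
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCert: constructed stand-in with the documented profile, as PEM and parsed.
func sampleCert() ([]byte, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "otelcontext"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		DNSNames:    []string{"localhost"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("::1")},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), must(x509.ParseCertificate(der))
}

// verifyPinned trusts only pinPEM (no system roots) and checks presented for host.
func verifyPinned(pinPEM []byte, presented *x509.Certificate, host string) error {
	pool := x509.NewCertPool() // the same pool can be set as tls.Config.RootCAs
	if !pool.AppendCertsFromPEM(pinPEM) {
		return fmt.Errorf("no certificate found in pin PEM")
	}
	_, err := presented.Verify(x509.VerifyOptions{Roots: pool, DNSName: host}) // empty KeyUsages = ServerAuth
	return err
}

func main() {
	pin, cert := sampleCert()
	fmt.Println(verifyPinned(pin, cert, "localhost"), verifyPinned(pin, cert, "example.test"))
}
```

A freshly generated certificate with the same subject and SANs fails this check, which is why deleting the cache dir to rotate the cert requires redistributing the pin to every client.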

Types

This section is empty.
