Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

certificates

package

Go to main page

Versions in this module

v1

v1.0.2

Nov 25, 2025

v1.0.1

Nov 25, 2025

v1.0.0

Sep 18, 2025

Changes in this version

+ const CACert

+ const CertificateDataType

+ const ClientCert

+ const DataKeyCertificate

+ const DataKeyCertificateCA

+ const DataKeyPrivateKey

+ const DataKeyPrivateKeyCA

+ const DataKeyRSAPrivateKey

+ const DataKeySSHAuthorizedKeys

+ const PKCS1

+ const PKCS8

+ const PrivateKeyDataType

+ const ServerCert

+ const ServerClientCert

+ const TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern

+ var EmptyInfoData = &emptyInfoData

+ func DecodeCertificate(bytes []byte) (*x509.Certificate, error)

+ func DecodePrivateKey(bytes []byte) (*rsa.PrivateKey, error)

+ func DecodeRSAPrivateKeyFromPKCS8(bytes []byte) (*rsa.PrivateKey, error)

+ func EncodeCertificate(certificate []byte) []byte

+ func EncodePrivateKey(key *rsa.PrivateKey) []byte

+ func EncodePrivateKeyInPKCS8(key *rsa.PrivateKey) ([]byte, error)

+ func GenerateCertificateAuthorities(k8sClusterClient client.Client, existingSecretsMap map[string]*corev1.Secret, ...) (map[string]*corev1.Secret, map[string]*Certificate, error)

+ func GenerateClusterSecrets(ctx context.Context, k8sClusterClient client.Client, ...) (map[string]*corev1.Secret, error)

+ func GenerateClusterSecretsWithFunc(ctx context.Context, k8sClusterClient client.Client, ...) (map[string]*corev1.Secret, error)

+ type Certificate struct

+ CA *Certificate

+ Certificate *x509.Certificate

+ CertificatePEM []byte

+ Name string

+ PrivateKey *rsa.PrivateKey

+ PrivateKeyPEM []byte

+ func LoadCAFromSecret(k8sClient client.Client, namespace, name string, pkcs int) (*corev1.Secret, *Certificate, error)

+ func LoadCertificate(name string, privateKeyPEM, certificatePEM []byte, pkcs int) (*Certificate, error)

+ func SelfGenerateTLSServerCertificate(name string, dnsNames []string) (*Certificate, string, error)

+ func (c *Certificate) SecretData() map[string][]byte

+ type CertificateInfoData struct

+ Certificate []byte

+ PrivateKey []byte

+ func NewCertificateInfoData(privateKey, certificate []byte) *CertificateInfoData

+ func (c *CertificateInfoData) Marshal() ([]byte, error)

+ func (c *CertificateInfoData) TypeVersion() TypeVersion

+ type CertificateJSONData struct

+ Certificate []byte

+ PrivateKey []byte

+ type CertificateSecretConfig struct

+ CertType certType

+ CommonName string

+ DNSNames []string

+ IPAddresses []net.IP

+ Name string

+ Organization []string

+ PKCS int

+ SigningCA *Certificate

+ Validity *time.Duration

+ func (s *CertificateSecretConfig) Generate() (DataInterface, error)

+ func (s *CertificateSecretConfig) GenerateCertificate() (*Certificate, error)

+ func (s *CertificateSecretConfig) GenerateFromInfoData(infoData InfoData) (DataInterface, error)

+ func (s *CertificateSecretConfig) GenerateInfoData() (InfoData, error)

+ func (s *CertificateSecretConfig) GetName() string

+ func (s *CertificateSecretConfig) LoadFromSecretData(secretData map[string][]byte) (InfoData, error)

+ type ConfigInterface interface

+ Generate func() (DataInterface, error)

+ GenerateFromInfoData func(infoData InfoData) (DataInterface, error)

+ GenerateInfoData func() (InfoData, error)

+ GetName func() string

+ type DataInterface interface

+ SecretData func() map[string][]byte

+ type InfoData interface

+ Marshal func() ([]byte, error)

+ TypeVersion func() TypeVersion

+ func UnmarshalCert(bytes []byte) (InfoData, error)

+ func UnmarshalPrivateKey(bytes []byte) (InfoData, error)

+ type Interface interface

+ Delete func(context.Context, client.Client, string) error

+ Deploy func(context.Context, client.Client, string) (map[string]*corev1.Secret, error)

+ type PrivateKeyInfoData struct

+ PrivateKey []byte

+ func NewPrivateKeyInfoData(privateKey []byte) *PrivateKeyInfoData

+ func (r *PrivateKeyInfoData) Marshal() ([]byte, error)

+ func (r *PrivateKeyInfoData) TypeVersion() TypeVersion

+ type PrivateKeyJSONData struct

+ PrivateKey []byte

+ type RSAKeys struct

+ Name string

+ OpenSSHAuthorizedKey []byte

+ PrivateKey *rsa.PrivateKey

+ PublicKey *rsa.PublicKey

+ func (r *RSAKeys) SecretData() map[string][]byte

+ type RSASecretConfig struct

+ Bits int

+ Name string

+ UsedForSSH bool

+ func (s *RSASecretConfig) Generate() (DataInterface, error)

+ func (s *RSASecretConfig) GenerateFromInfoData(infoData InfoData) (DataInterface, error)

+ func (s *RSASecretConfig) GenerateInfoData() (InfoData, error)

+ func (s *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error)

+ func (s *RSASecretConfig) GetName() string

+ func (s *RSASecretConfig) LoadFromSecretData(secretData map[string][]byte) (InfoData, error)

+ type Secrets struct

+ CertificateSecretConfigs map[string]*CertificateSecretConfig

+ SecretConfigsFunc func(map[string]*Certificate, string) []ConfigInterface

+ func (s *Secrets) Delete(ctx context.Context, c client.Client, namespace string) error

+ func (s *Secrets) Deploy(ctx context.Context, c client.Client, namespace string, pkcs int) (map[string]*corev1.Secret, error)

+ type TypeVersion string

+ type Unmarshaller func(data []byte) (InfoData, error)

+ func GetUnmarshaller(typeName TypeVersion) Unmarshaller