Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

certificates

package

Go to main page

Versions in this module

v1

v1.0.4

Dec 11, 2025

v1.0.3

Dec 1, 2025

v1.0.2

Nov 25, 2025

v1.0.1

Nov 25, 2025

v1.0.0

Sep 18, 2025

Changes in this version

+ const CACert

+ const CertificateDataType

+ const ClientCert

+ const DataKeyCertificate

+ const DataKeyCertificateCA

+ const DataKeyPrivateKey

+ const DataKeyPrivateKeyCA

+ const DataKeyRSAPrivateKey

+ const DataKeySSHAuthorizedKeys

+ const PKCS1

+ const PKCS8

+ const PrivateKeyDataType

+ const ServerCert

+ const ServerClientCert

+ const TemporaryDirectoryForSelfGeneratedTLSCertificatesPattern

+ var EmptyInfoData = &emptyInfoData

+ func DecodeCertificate(bytes []byte) (*x509.Certificate, error)

+ func DecodePrivateKey(bytes []byte) (*rsa.PrivateKey, error)

+ func DecodeRSAPrivateKeyFromPKCS8(bytes []byte) (*rsa.PrivateKey, error)

+ func EncodeCertificate(certificate []byte) []byte

+ func EncodePrivateKey(key *rsa.PrivateKey) []byte

+ func EncodePrivateKeyInPKCS8(key *rsa.PrivateKey) ([]byte, error)

+ func GenerateCertificateAuthorities(k8sClusterClient client.Client, existingSecretsMap map[string]*corev1.Secret, ...) (map[string]*corev1.Secret, map[string]*Certificate, error)

+ func GenerateClusterSecrets(ctx context.Context, k8sClusterClient client.Client, ...) (map[string]*corev1.Secret, error)

+ func GenerateClusterSecretsWithFunc(ctx context.Context, k8sClusterClient client.Client, ...) (map[string]*corev1.Secret, error)

+ type Certificate struct

+ CA *Certificate

+ Certificate *x509.Certificate

+ CertificatePEM []byte

+ Name string

+ PrivateKey *rsa.PrivateKey

+ PrivateKeyPEM []byte

+ func LoadCAFromSecret(k8sClient client.Client, namespace, name string, pkcs int) (*corev1.Secret, *Certificate, error)

+ func LoadCertificate(name string, privateKeyPEM, certificatePEM []byte, pkcs int) (*Certificate, error)

+ func SelfGenerateTLSServerCertificate(name string, dnsNames []string) (*Certificate, string, error)

+ func (c *Certificate) SecretData() map[string][]byte

+ type CertificateInfoData struct

+ Certificate []byte

+ PrivateKey []byte

+ func NewCertificateInfoData(privateKey, certificate []byte) *CertificateInfoData

+ func (c *CertificateInfoData) Marshal() ([]byte, error)

+ func (c *CertificateInfoData) TypeVersion() TypeVersion

+ type CertificateJSONData struct

+ Certificate []byte

+ PrivateKey []byte

+ type CertificateSecretConfig struct

+ CertType certType

+ CommonName string

+ DNSNames []string

+ IPAddresses []net.IP

+ Name string

+ Organization []string

+ PKCS int

+ SigningCA *Certificate

+ Validity *time.Duration

+ func (s *CertificateSecretConfig) Generate() (DataInterface, error)

+ func (s *CertificateSecretConfig) GenerateCertificate() (*Certificate, error)

+ func (s *CertificateSecretConfig) GenerateFromInfoData(infoData InfoData) (DataInterface, error)

+ func (s *CertificateSecretConfig) GenerateInfoData() (InfoData, error)

+ func (s *CertificateSecretConfig) GetName() string

+ func (s *CertificateSecretConfig) LoadFromSecretData(secretData map[string][]byte) (InfoData, error)

+ type ConfigInterface interface

+ Generate func() (DataInterface, error)

+ GenerateFromInfoData func(infoData InfoData) (DataInterface, error)

+ GenerateInfoData func() (InfoData, error)

+ GetName func() string

+ type DataInterface interface

+ SecretData func() map[string][]byte

+ type InfoData interface

+ Marshal func() ([]byte, error)

+ TypeVersion func() TypeVersion

+ func UnmarshalCert(bytes []byte) (InfoData, error)

+ func UnmarshalPrivateKey(bytes []byte) (InfoData, error)

+ type Interface interface

+ Delete func(context.Context, client.Client, string) error

+ Deploy func(context.Context, client.Client, string) (map[string]*corev1.Secret, error)

+ type PrivateKeyInfoData struct

+ PrivateKey []byte

+ func NewPrivateKeyInfoData(privateKey []byte) *PrivateKeyInfoData

+ func (r *PrivateKeyInfoData) Marshal() ([]byte, error)

+ func (r *PrivateKeyInfoData) TypeVersion() TypeVersion

+ type PrivateKeyJSONData struct

+ PrivateKey []byte

+ type RSAKeys struct

+ Name string

+ OpenSSHAuthorizedKey []byte

+ PrivateKey *rsa.PrivateKey

+ PublicKey *rsa.PublicKey

+ func (r *RSAKeys) SecretData() map[string][]byte

+ type RSASecretConfig struct

+ Bits int

+ Name string

+ UsedForSSH bool

+ func (s *RSASecretConfig) Generate() (DataInterface, error)

+ func (s *RSASecretConfig) GenerateFromInfoData(infoData InfoData) (DataInterface, error)

+ func (s *RSASecretConfig) GenerateInfoData() (InfoData, error)

+ func (s *RSASecretConfig) GenerateRSAKeys() (*RSAKeys, error)

+ func (s *RSASecretConfig) GetName() string

+ func (s *RSASecretConfig) LoadFromSecretData(secretData map[string][]byte) (InfoData, error)

+ type Secrets struct

+ CertificateSecretConfigs map[string]*CertificateSecretConfig

+ SecretConfigsFunc func(map[string]*Certificate, string) []ConfigInterface

+ func (s *Secrets) Delete(ctx context.Context, c client.Client, namespace string) error

+ func (s *Secrets) Deploy(ctx context.Context, c client.Client, namespace string, pkcs int) (map[string]*corev1.Secret, error)

+ type TypeVersion string

+ type Unmarshaller func(data []byte) (InfoData, error)

+ func GetUnmarshaller(typeName TypeVersion) Unmarshaller