This library is an attempt to normalize identity configuration for various ziti components.

It is expected that identity configuration is stored in JSON format and mapped to the `identity.IdentityConfig` type:

```json
{
  "id": {
    "key": "file://{path}",
    "cert": "file://{path}",
    "server_cert": "file://{path}", // optional
    "ca": "file://{path}" // optional
  }
}
```

It allows different ways of specifying private keys and certificates:

- from file: `"key": "file://{path to key PEM file}"` or `"key": "{path to key PEM file}"`. Note: the latter form supports relative paths.
- inline: `"key": "pem:-----BEGIN EC PRIVATE KEY-----...."`
- engine, for HW token support: `"key": "engine:{engine_id}?{engine options}"`

The same forms apply to both the ID/client and server certificates, as well as to the CA bundle config:

- from file: `"cert": "file://{path to cert PEM file}"` or `"server_cert": "{path to cert PEM file}"`. Note: the latter form supports relative paths.
- inline: `"cert": "pem:-----BEGIN CERTIFICATE-----...."`

Once the IdentityConfig is loaded, it can be used to acquire the actual TLS credentials:

```go
idCfg := cfg.ID // load config from somewhere
id, err := identity.LoadIdentity(idCfg)
if err != nil {
	return err
}
cltCert := id.Cert() // tls.Certificate
```