Rafiki is a CLI tool for securely storing SSL and RSA files in a local SQLite3 Database. Imported files are first encrypted using GPG and then stored in the database along with an identifying key (ie. CommonName for CSRs, etc..)
The database will be created when Rafiki is run for the first time and can be re-located and referenced by Rafiki using the --db flag.
Note: The term 'key' is used throughout to refer to any/all types of files for simplicity's sake.
Ensure that your go bin is setup correctly GO-BIN
then run
go install github.com/adamar/rafiki./rafiki import --file=/loc/of/file
./rafiki list
./rafiki export
- SQLite v3+
- Go 1.3+
| Key Type | Identifier | Supported |
|---|---|---|
| SSL Certificate | Common Name | Yes |
| SSL Certificate Signing Request | Common Name | Yes |
| SSL RSA Private Key | MD5 Fingerprint | Yes |
| SSL ECDSA Private Key | MD5 Fingerprint | Yes |
| SSH RSA Private Key | - | No |
| SSH RSA Public Key | MD5 Fingerprint | Yes |
| SSH DSA Private Key | - | No |
| SSH DSA Public Key | MD5 Fingerprint | Yes |
| SSH ECDSA Private Key | - | No |
| SSH ECDSA Public Key | MD5 Fingerprint | Yes |
| PGP Private Key | - | No |
| PGP Public Key | Public Fingerprint | Yes |
Print Public Key Fingerprint
ssh-keygen -lf /path/to/key.pubPrint CSR Info
openssl req -in domain.com.csr -text -nooutShow CSR Public Key
openssl req -in domain.com.csr -noout -pubkeyShow an RSA Key's SHA1 thumbprint
openssl rsa -noout -modulus -in your-private.key | openssl sha1Show an RSA Key's MD5 thumbprint
openssl rsa -noout -modulus -in your-private.key | openssl md5- ReWrite of internals, the program flow is a mess at the moment
- Write more tests
- Add more error checking
- Better text layout
- Print out file details on import & export
- Add (unautheticated) option to profile a key
- Add sub command to "List" option to filter on key type
- Add API Key file type definition
- Flatten file structure
- Move File checking from import to its own function
- CSR FAQ - Certificate Signing Request FAQ