EdgeCA is an ephemeral, in-memory CA providing service mesh machine identities, automating the management and issuance of TLS certificates.
It provides developers with a fast, easy, and integrated source of machine identities whilst also providing security teams with the required policy and oversight.
It also enables ephemeral certificate-based authorization, which reduces the need for permanent access credentials, explicit access revocation or traditional SSH key management.
It is easy to install and simple to use.
edgeca server starts up EdgeCA as a server, which supports mTLS gRPC, GraphQL+JWT and Envoy SDS as different ways of providing machine identities.
edgeca gencsr generates a CSR file.
edgeca gencert connects to the EdgeCA Server using mTLS gRPC to sign a CSR request and provide a certificate and private key.
EdgeCA can run in a number of modes.
Other features include SoftHSM support.
EdgeCA is a flexible open source solution, written in Go, and licenced with the Apache 2.0 Licence.
For more information see the EdgeCA Wiki pages or watch the EdgeCA Youtube playlist.
The easiest way to install the application is to use snaps:
snap install edgeca
Alternatively, use Docker:
docker pull edgesec/edgeca
or build EdgeCA from source:
git clone https://github.com/edgesec-org/edgeca.git
cd edgeca
make
EdgeCA is an open source project currently in early development stages. We welcome and appreciate all contributions from the developer community. Please read our documentation on contributing for more information. To report a problem or share an idea, create an Issue and then use Pull Requests to contribute bug fixes or proposed enhancements. Got questions? Join us on Slack!
Copyright 2020-2021 © EdgeSec Ltd. All rights reserved.
EdgeCA is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.