
Add provision command to generate certs

Open jrschumacher opened this issue 1 year ago • 1 comments

There are a number of certs which are needed to spin up the OpenTDF platform. For proof-of-value mode it is convenient to generate certs for local-development -- these are typically self-signed.

When it comes to production deployment, most of these certs need to be / will be managed by a separate cert manager (i.e. https://github.com/openbao/openbao).

To improve the experience of contributors and consumers alike, as well as reduce the prerequisites and maintenance, we should move our cert management from Bash + OS-specific scripts into a Go command.

There is already a fantastic tool, https://github.com/FiloSottile/mkcert, which has solved a lot of these problems. Since this is a Go tool, we could extend this to generate self-signed certs for our services as well as certs for KAS.

Acceptance Criteria

  • draft an interactive opentdf provision certs command
    • This command should use https://github.com/charmbracelet/huh to guide the user through the process of provisioning certs for
      • grpc services
      • keycloak
      • kas keys (RSA + ECC)
  • draft an opentdf provision certs kas [flags] [<args>]
  • draft an opentdf provision certs x509 [flags] [<args>]
  • draft an opentdf provision cert ca [flags] [<args>]

jrschumacher, May 20 '24 14:05
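As an added example (not OpenTDF or mkcert code, and not part of the issue), this Go program shows the kind of local-development provisioning the issue describes: a self-signed dev root signs a server certificate, and the check trusts only that root. The names `issue` and `verify`, the P-256 keys, the 30-day validity and the `localhost` host are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue (hypothetical helper) makes a P-256 key and a 30-day cert for name; a nil ca self-signs a dev root.
func issue(name string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (cert *x509.Certificate, key *ecdsa.PrivateKey, err error) {
	if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120)) // nil serial is handled by CreateCertificate
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(30 * 24 * time.Hour)}
	if ca == nil { // dev root: CA bit set, cert-sign only, no intermediates allowed below it
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.MaxPathLenZero = true, true, true
		tmpl.KeyUsage, ca, caKey = x509.KeyUsageCertSign, tmpl, key
	} else { // TLS server leaf, valid for exactly one DNS name
		tmpl.DNSNames, tmpl.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	return cert, key, err
}

func verify(ca, leaf *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca) // trust only the dev root, never the system store
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	ca, caKey, err := issue("local dev CA (constructed)", nil, nil)
	if err != nil {
		panic(err)
	}
	leaf, _, err := issue("localhost", ca, caKey)
	fmt.Println("localhost verifies against dev root:", err == nil && verify(ca, leaf, "localhost") == nil)
}
```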

This should not have been closed and is still necessary for maintainability.

jakedoublev, Aug 06 '24 15:08