Add hook callback before privkey loading, e.g. "preload_cert" #358

Closed
opened 2025-12-29 01:23:39 +01:00 by adam · 1 comment

Originally created by @nyurik on GitHub (Jun 27, 2018).

In some cases, an external storage is used to keep the keys between runs, e.g. a HashiCorp's Vault. In order to use it, the `certs/` dir needs to be restored for the specific domains that are being validated. Please add a new hook, e.g. this code, to allow for this to happen. I am not a bash expert, so there might be a need of some wrapper code to prevent older hooks from failing. Thx!

This code should be placed after certs dir is created, but before it loads any data from it: https://github.com/lukas2511/dehydrated/blob/10d4b98e7f1e2c5e0e5b16b0896aa7180e5a88f5/dehydrated#L1195

    # allow hook to restore certificate state right before we load it
    [[ -n "${HOOK}" ]] && "${HOOK}" "preload_cert" "${domain}" "${certdir}"
adam closed this issue 2025-12-29 01:23:39 +01:00

@lukas2511 commented on GitHub (Dec 11, 2020):

This seems like a very niche use case to me and I'm guessing that this behavior could simply be implemented using a wrapper script or during the startup hook, especially since dehydrated would call it for every single certificate anyways, might as well do it in batch.
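
The startup-hook approach suggested in the comment above, as an added example that is not part of the original thread or of dehydrated itself. It assumes the operator exports `KEY_BACKUP_DIR` (a private directory already fetched from the external store, one sub-directory per domain) and `CERTDIR` (dehydrated's `certs/` directory); both names and the `RESTORED_COUNT` variable are hypothetical.

```shell
#!/bin/sh
# Added example hook script: restore certs/ in one batch at startup.
# Assumptions: KEY_BACKUP_DIR and CERTDIR are exported by the operator.

restore_certs() {
  : "${KEY_BACKUP_DIR:?must be set}" "${CERTDIR:?must be set}"
  restored=0
  old_umask=$(umask)
  umask 077                                 # new directories are owner-only
  for src in "${KEY_BACKUP_DIR}"/*/; do
    [ -d "${src}" ] || continue             # empty backup: nothing to restore
    domain=$(basename "${src}")
    dst="${CERTDIR}/${domain}"
    # Never clobber state already on disk; it may hold newer keys.
    if [ -e "${dst}" ]; then continue; fi
    mkdir -p "${dst}"
    cp -pPR "${src}." "${dst}/"             # -P keeps the privkey.pem symlinks
    chmod 700 "${dst}"                      # cp -p may have copied a looser mode
    for key in "${dst}"/privkey*.pem; do
      if [ -f "${key}" ]; then chmod 600 "${key}"; fi
    done
    restored=$((restored + 1))
  done
  umask "${old_umask}"
  RESTORED_COUNT=${restored}                # hypothetical: for logging/tests
}

hook_main() {
  case "${1:-}" in
    startup_hook) restore_certs ;;
    *) : ;;                                 # ignore hooks not handled here
  esac
}

hook_main "$@"
```

Hook names the script does not handle fall through to a no-op with exit status 0, which addresses the concern about hooks failing on names they do not know.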

Reference: starred/dehydrated#358