Show HN: Abusing a GitHub repo as a private certificate authority

26 points

2 years ago

I tend to create a private certificate authority for every side project, in order to create TLS certs for local development. I find it useful to have local development closely resemble production when at all possible, and "real" certificates are an important element.

Anyway I got tired of having these CA private keys on my local machine, especially as I started thinking about setting up a private CA for my company (https://riza.io). So I started thinking about what the simplest way to host a private CA might be.

You really only need two things: 1) secret storage, to hold the CA's private key, and 2) a computer with access to the secret that can run openssl.

It turns out that a GitHub repository has secret storage, and GitHub Actions provides a computer with access to that secret storage which can run openssl.

So I made a GitHub repo with a stupid-simple workflow and a couple of convenience shell scripts to use as a private CA. I've already used it as a template repo to host private CA's for my projects, and thought it might be useful to others.

7 comments