Bootstrap existing PKI with docker image

[habukarlmco]

Hey all!

I am interested in utilizing step-ca to work as an ACME server to automate certificate management for a handful of services. I would like to use the image and pair it with a docker-compose file to take care of the standup/configuration of it. I was able to manually go through and work through these steps and it worked like a charm. However, it does require me to start/stop the service in order to get things where I would like. I was just curious if there is a one-shot way using the image that I could preconfigure the deployment to have all the necessary things to go ahead and use my PKI I provide. Just curious if anybody out there in the community has done something similar.

Thanks in advance!

[tashian]

Hi!

The docker image for step-ca ships with an entrypoint script that accepts some environment variables for CA setup. But it doesn't support importing an external PKI.

You'll probably need to write a Bash script that can run setup steps when the container starts for the first time. Take a look at this comment that offers some options for adding init code to the Docker image.

Another option is to do your setup steps using a Bash script from the host side, rather than inside the container. This comment gives an example of how that could work.

Hope this helps!