CertVault is a platform designed to automate the issuance, management, and lifecycle control of self-signed SSL/TLS certificates. It provides a modular architecture with features including CA certificate creation, SSL certificate issuance/renewal, detailed metadata management, RBAC-based permissions, and multi-environment deployment capabilities. The platform is built with a decoupled frontend/backend architecture using Vue.js 3 and Spring Boot 3, supporting MySQL/PostgreSQL databases and offering deployment solutions via Docker Compose and Helm Charts for Kubernetes environments. Built-in Prometheus metrics and OIDC authentication ensure robust observability and security compliance.
Screenshots: Dashboard, CA Certificate Management, SSL Certificate Management, User Management.
The platform was developed to address critical challenges in self-signed certificate management:
- Operational Complexity: Manual processes for certificate lifecycle management lead to human errors and inefficiencies in tracking expiration dates and permissions.
- Security Gaps: Lack of centralized encryption storage and standardized access control increases risk of credential leakage.
- Scalability Limitations: Traditional tools fail to adapt to modern infrastructure requirements like multi-cloud deployments and database heterogeneity.
- Audit Deficiencies: Absence of audit trails complicates compliance with security regulations and troubleshooting.
Key design objectives:
- Automation First: Implement API-driven workflows for certificate generation and renewal
- Security by Default: Store sensitive data in encrypted storage, integrate with an OIDC authentication system, and enforce fine-grained RBAC permission control
- Infrastructure Flexibility: Support multi-environment deployment on Docker/Kubernetes, compatible with mainstream database systems
- Observability: Prometheus metrics for certificate expiration warnings and system performance monitoring
- Community-Driven: Open API specifications and modular architecture encourage third-party integration and ecosystem growth
This platform is ideal for organizations needing centralized certificate management in DevOps workflows, microservices architectures, and IoT device ecosystems where secure communication is critical.
- Certificate Management: Supports self-signed CA creation, SSL certificate issuance, certificate details viewing, comment editing, export, and renewal
- User Permissions: RBAC-based access control with role binding, user role management, and audit logs
- Multi-Environment Deployment: MySQL/PostgreSQL database support, Docker Compose and Helm Chart deployment solutions
- Monitoring Integration: Prometheus metrics for monitoring integration with Grafana
- Security Enhancements: OIDC authentication, encrypted sensitive data storage, and granular API permissions
- Vue.js 3 + Vite
- PrimeVue UI components
- TailwindCSS responsive styling
- TypeScript typed development
- Java 17 + Spring Boot 3
- MyBatis-Plus ORM framework
- Druid database connection pool
- Redis caching service
- Helm Chart Kubernetes deployment
- Kubernetes orchestration
- Prometheus monitoring metrics
- Traditional/OIDC authentication
- MySQL/PostgreSQL database
- Docker
- Docker Compose
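```bash
# Clone the repository and enter its docker-compose directory
git clone https://github.com/gregPerlinLi/CertVault.git
cd CertVault/docker-compose
# Start CertVault together with PostgreSQL and Redis in the background
docker compose -f docker-compose-with-postgres-redis.yml up -d
```
- How to deployment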
- How to use
- CertVault CLI: A CLI tool for CertVault Platform
- CertVault Charts: Helm Charts for CertVault Platform
- CertVault API Docs: API documentation for CertVault Platform
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star!
Please read CODE_OF_CONDUCT.md for details on our code of conduct, and the process for submitting pull requests to us.
See SECURITY.md for more information.
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.



