
Last pushed: 3 years ago
Short Description
Generate Certs for dockerDaemon Security
Full Description


FROM shastafareye/bash - base image built with the gentoobb base builder kit

VOLUME /docker-keys
ENTRYPOINT /usr/local/bin/

Source available on github:
Automated Build on Dockerhub from Github Sources:

mostly "stock" gentoobb / gentoo-base-builder
Uses Sven's generate_cert.go, prebuilt for Linux; script adapted from Sven's original

Binaries are built with the included Dockerfiles and
Makefile:dockerbuild included in the generate_cert project.


docker run -it --rm -v $(pwd)/my-keys:/docker-keys shastafareye/docker-daemon-tlsgen
This will

  • mount the my-keys directory under your current directory into /docker-keys
  • look for a CA certificate and key
  • make a new CA if needed
  • use your existing CA if present in correct form
  • stop if only one of the CA cert and CA key is present
  • And then it will ask you if you'd like a Client or Server Cert and make one for you

Server certs require a servername and IP address
Client certs require a name
Script will bail if your chosen name exists.

Error checking is not exhaustive, make backups ;)
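
Since the script's own error checking is limited, the key directory can be checked before it is mounted. The following is an added example, not part of this image or of generate_cert; the file names ca.pem and ca-key.pem and all function names are assumptions, because the page does not say which names the script looks for.

```shell
#!/bin/sh
# Pre-flight check of a CA directory before mounting it at /docker-keys.
# ASSUMPTION: ca.pem / ca-key.pem are placeholder names; override them with
# CA_CERT_NAME / CA_KEY_NAME to match what the image's script really uses.
CA_CERT_NAME=${CA_CERT_NAME:-ca.pem}
CA_KEY_NAME=${CA_KEY_NAME:-ca-key.pem}

# Prints one of: none | incomplete | both
ca_state() {
    have=0
    if [ -f "$1/$CA_CERT_NAME" ]; then have=$((have + 1)); fi
    if [ -f "$1/$CA_KEY_NAME" ]; then have=$((have + 1)); fi
    case $have in 0) echo none ;; 1) echo incomplete ;; *) echo both ;; esac
}

# Succeeds only if the key file has no group/other permission bits set.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if the cert is unexpired, is marked CA:TRUE, and carries the same
# public key as the private key file. An encrypted key prompts for its passphrase.
ca_pair_ok() {
    cert=$1
    key=$2
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Return codes: 0 usable or empty, 2 incomplete, 3 key too open, 4 bad pair.
preflight() {
    dir=$1
    case $(ca_state "$dir") in
        none) echo "no CA found: a new one will be made"; return 0 ;;
        incomplete) echo "only one of CA cert/key present"; return 2 ;;
    esac
    key_is_private "$dir/$CA_KEY_NAME" || { echo "CA key readable by group/other"; return 3; }
    ca_pair_ok "$dir/$CA_CERT_NAME" "$dir/$CA_KEY_NAME" || { echo "CA cert/key invalid or mismatched"; return 4; }
    echo "existing CA looks usable"
}

# Run directly as: sh preflight.sh ./my-keys
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```
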

Use as a Dataonly-Volume:

docker run --name docker_tlsfiles -v /docker-keys shastafareye/docker-daemon-tlsgen echo TLSKeyData

Use the Datavolume:

docker run -it --rm --volumes-from docker_tlsfiles shastafareye/docker-daemon-tlsgen

Backup keys from Volume:

docker run -it --rm \
--name tlsfiles_backup \
--volumes-from docker_tlsfiles \
-v $(pwd):/backup \
shastafareye/docker-daemon-tlsgen \
tar -cpvf /backup/docker-keys.tar /docker-keys

Build Yourself (from source)

git clone
cd generate_cert
make dockerbuild
cp generate_cert-0.1-linux-amd64 generate_cert
git clone
rm docker-daemon-tlsgen/usr/local/bin/generate_cert
cp -av generate_cert-0.1-linux-amd64 docker-daemon-tlsgen/usr/local/bin/generate_cert
cd docker-daemon-tlsgen
docker build -t REPO/docker-daemon-tlsgen .

Security of certificates and proper usage with Docker Client & Daemon is an exercise for the reader!
