AltNet CA Webhooks
  • Python 98.5%
  • Dockerfile 1.5%
Find a file
2026-07-11 11:22:23 +02:00
altnet-ca-webhooks Rework plugins and re-organise endpoints 2026-07-11 11:22:23 +02:00
.gitignore Initial commit (splitting webhooks from https://git.alt.tf/bcollet/step-ca-inspector) 2026-07-06 08:50:46 +02:00
config.yaml.dist Initial commit (splitting webhooks from https://git.alt.tf/bcollet/step-ca-inspector) 2026-07-06 08:50:46 +02:00
Dockerfile Update dockerfile 2026-07-06 11:20:11 +02:00
LICENSE Initial commit (splitting webhooks from https://git.alt.tf/bcollet/step-ca-inspector) 2026-07-06 08:50:46 +02:00
pyproject.toml Initial commit (splitting webhooks from https://git.alt.tf/bcollet/step-ca-inspector) 2026-07-06 08:50:46 +02:00
README.md Rework plugins and re-organise endpoints 2026-07-11 11:22:23 +02:00
requirements.txt Initial commit (splitting webhooks from https://git.alt.tf/bcollet/step-ca-inspector) 2026-07-06 08:50:46 +02:00

AltNet CA webhooks

AltNet CA webhooks is a webhook endpoint for certificate validation. Currently the following validation plugins are available:

  • acme_da_hashicorp_vault: validate an ACME Device Attestation signing request against a static configuration.
  • acme_da_static: validate an ACME Device Attestation signing request against data present in a Hashicorp Vault instance.
  • scep_hashicorp_vault: validate a SCEP challenge and certificate signing request data against data present in a Hashicorp Vault instance.
  • scep_static: validate a SCEP challenge and certificate signing request data against a static configuration.
  • x5c_ssh_altnet: validate an SSH certificate requests against an attached x5c JWT.
  • yubikey_embedded_attestation: validate a Yubikey attestation cross-signature (as added to the certificate signing request by yubico-piv-tool --attestation) and check it against configured pin and touch policies.

Quick start

cd altnet-ca-webhooks
export ALTNET_CA_WEBHOOKS_LOGLEVEL=DEBUG
export ALTNET_CA_WEBHOOKS_CONFIGURATION=../config.yaml
uvicorn main:app --reload

API endpoints

OpenAPI (formerly Swagger) documentation is available at /docs. Alternatively, Redocly documentation is available at /redoc.