Browse files

Rewrote README to be more sane.

  • Loading branch information...
jamtur01 committed Jul 16, 2012
1 parent dd722ca commit 16fac601b5bb2fdc5109fa6dc18eae4f9e5ad798
Showing with 12 additions and 5 deletions.
  1. +12 −5
@@ -1,16 +1,23 @@
# PSigner
-**PSigner** is a [sinatra]( app/middleware that
-can be run standalone app or required as a gem. It allows the remote
-signing of Puppet client certificates via an API call, by passing the
+**PSigner** is a [sinatra]( application that allows you to sign and
+delete [Puppet]( certificates via a simple web service. It is
+designed as an example prototype to show you how you can use an automatic signing and deleting
+process with a simple shared secret when (de-)provisioning hosts.
+NOTE: You could also do this directly via the Puppet API but that requires SSL authentication.
+This is less secure but potentially somewhat simpler.
+## Signing a new certificate
+It allows the remote signing of Puppet client certificates via an API call, by passing the
`certname` to be signed and the shared secret as the value of the
`secret` parameter.
- $ curl -d "secret=SHAREDSECRET&certname=bob" http://localhost:4567/api/sign
+ $ curl -d 'secret=SHAREDSECRET' -d 'certname=bob' -X POST http://localhost:4567/api/cert
You can configure the shared secret via the `config.yml` file in the `config` directory.
-## Cleaning out an old cert
+## Cleaning out an old certificate
To revoke and remove a cert from Puppet's CA
$ curl -d 'secret=SHAREDSECRET' -d 'certname=bob' -X DELETE http://localhost:4567/api/cert

0 comments on commit 16fac60

Please sign in to comment.