Skip to content

Automated Certificates

Overview

Skpr provisions and deploys certificates automatically to reduce friction and improve an applications security posture.

  • Development teams do not need to provision and provide Skpr with a certificate. This process can take days.
  • Applications are secure by default.
  • Certificates are managed by AWS ACM. This means even the Skpr platform team do not have access to the actual certificate (private key).

Usage

Defaults

Each environment is provided with a default domain and certificate automatically.

  • Production - ENV.PROJECT.CLUSTER.skpr.dev
  • Non Production - ENV.PROJECT.CLUSTER.skpr.live

Configuring an environment

As extra routes are added to an environment (see below), Skpr will automatically provision and deploy a new certificate.

ingress:
  routes:
    - example.com
    - www.example.com

As more routes/domains are added, developers will be required to take steps to validate new certificates.

Validating a Certificate

To check the status of a certificate, run the following command.

$ skpr info dev

Certificates:
--------------------------
Status: ISSUED
Name:   xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.example.com.
Type:   CNAME
Value:  yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyyyyyyyyy.acm-validations.aws.

Status: ISSUED
Name:   xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.www.example.com.
Type:   CNAME
Value:  yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.yyyyyyyyyy.acm-validations.aws.

This information is then used to create DNS validation records on the required domains.

Once these records are added, they will then be validated by AWS ACM and deployed to the new environment.

Validation typically takes 30 minutes.