
pgxmagic is a pgx-driven implementation of certmagic.Storage designed to fit into an existing golang+pgx codebase


iamcalledrob/pgxmagic


pgxmagic

pgxmagic is a pgx-driven implementation of certmagic.Storage designed to fit into an existing golang+pgx codebase.


Features

  1. Uses an existing pgxpool: No need to maintain a separate database connection just for CertMagic
  2. Session-level advisory locks: Uses pg_try_advisory_lock to handle distributed locking
  3. Migrations are optional: A convenience method creates the table for you, but only if you want it to.
  4. Focus on correctness: Complete implementation of certmagic.Storage with a full test suite.
  5. Optional encryption: An EncryptedStorage adapter exists to allow for encryption of values.

Usage

Create table

Optionally, add the following as a database migration. If you'd prefer not to, you can call storage.Migrate() to do this idempotently instead.

CREATE TABLE IF NOT EXISTS certmagic_data (
    key TEXT PRIMARY KEY,
    value bytea,
    modified timestamptz DEFAULT NOW()
);

Without encryption

Certificates are stored in the clear in the database.

storage := pgxmagic.NewStorage(pool)
err := storage.Migrate(context.Background()) // Optional, or manually create table.

With encryption

Certificates are stored encrypted in the database -- in this case, encrypted with AES-256.

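storage := pgxmagic.NewEncryptedStorage(
    pool,
    // Example secret only; supply the real one from configuration or a
    // secret store rather than from source code.
    pgxmagic.NewAES256Encrypter("correct horse battery staple"),
)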
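
To show what value-level encryption in front of a storage table involves, here is an added sketch that is not pgxmagic's own code. The page does not describe the cipher mode or key derivation pgxmagic uses, so AES-256-GCM, the SHA-256 key derivation, binding the storage key as authenticated data, and all names below are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newAEAD builds AES-256-GCM. Deriving the key with SHA-256 is an assumption
// made for brevity; it is only adequate for a high-entropy secret.
func newAEAD(secret string) (cipher.AEAD, error) {
	key := sha256.Sum256([]byte(secret))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag. The storage key is bound in as
// additional authenticated data, so a row moved to another key will not open.
func seal(a cipher.AEAD, storageKey string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, []byte(storageKey)), nil
}

// open reverses seal and rejects truncated, modified or relocated values.
func open(a cipher.AEAD, storageKey string, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n+a.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, blob[:n], blob[n:], []byte(storageKey))
}

func main() {
	a, _ := newAEAD("constructed-demo-secret")
	blob, _ := seal(a, "certs/example.com.key", []byte("constructed PEM bytes"))
	pt, err := open(a, "certs/example.com.key", blob)
	fmt.Println(string(pt), err)
}
```

The output of seal is what would be written to the bytea value column, with the table's key column passed as storageKey.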

Not supported yet

  1. No Caddy plugin: This was built to slot into an existing Go codebase that's using CertMagic directly. A plugin could easily be created if needed, though.
