{"name":"ReactorCA: Homelab/SOHO Certificate Authority with Age Encryption and Deployment","description":"ReactorCA is a robust Go CLI tool designed for managing a Certificate Authority in homelab or small-office environments. It streamlines the process of issuing, renewing, and deploying TLS certificates for internal services and devices. A key feature is its use of `age` encryption for securely managing private keys, simplifying certificate lifecycle management amidst increasingly shorter validity periods.","github":"https://github.com/serpent213/reactor-ca","url":"https://osrepos.com/repo/serpent213-reactor-ca","source":"osrepos.com","sourceDescription":"This repository profile is provided by osrepos.com, an open source repository discovery platform.","repositoryProfile":"https://osrepos.com/repo/serpent213-reactor-ca","generatedFor":"open source discovery and AI-assisted research","markdown":"https://osrepos.com/repo/serpent213-reactor-ca.md","json":"https://osrepos.com/repo/serpent213-reactor-ca.json","topics":["certificates","homelab","tls-certificate","x509","Go","security","devops","cli-tool"],"keywords":["certificates","homelab","tls-certificate","x509","Go","security","devops","cli-tool"],"stars":null,"summary":"ReactorCA is a robust Go CLI tool designed for managing a Certificate Authority in homelab or small-office environments. It streamlines the process of issuing, renewing, and deploying TLS certificates for internal services and devices. A key feature is its use of `age` encryption for securely managing private keys, simplifying certificate lifecycle management amidst increasingly shorter validity periods.","content":"## Introduction\n\nReactorCA is a command-line interface (CLI) tool written in Go, specifically tailored for setting up and managing a Certificate Authority (CA) within homelab or Small Office/Home Office (SOHO) setups. It addresses the growing challenge of managing TLS certificates for internal services, especially with modern browsers and CAs enforcing shorter certificate validity periods.\n\nThis tool simplifies the entire certificate lifecycle, from initial CA creation to issuing, renewing, and deploying host certificates. Its standout feature is the secure management of private keys using `age` encryption, allowing for configuration and CA stores to be safely version-controlled, for example, within a Git repository.\n\n## Installation\n\nGetting ReactorCA up and running is straightforward. You can either download pre-built binaries or compile it from source.\n\n**Pre-built Binaries**\n\nThe easiest way to install ReactorCA is to download the latest release for your operating system from the official GitHub releases page:\n\n[ReactorCA Releases](https://github.com/serpent213/reactor-ca/releases){:target=\"_blank\"}\n\n**Build from Source**\n\nIf you prefer to build from source, ensure you have Go installed, then follow these steps:\n\nbash\ngit clone https://github.com/serpent213/reactor-ca.git\ncd reactor-ca\ngo build -o ca ./cmd/ca\n\n\n## Examples\n\nHere's a quick start guide to demonstrate the core functionalities of ReactorCA:\n\n**1. Initialize Configuration**\n\nFirst, create the default configuration files:\n\nbash\nca init\n\n\nReactorCA intelligently detects your SSH keys to configure encryption, falling back to password-based encryption if no SSH keys are found.\n\n**2. Create CA Certificate**\n\nAfter customizing `config/ca.yaml`, create your self-signed CA:\n\nbash\nca ca create\n\n\nRemember to install this root CA certificate on all client devices that need to trust your internal hosts.\n\n**3. Issue Host Certificate**\n\nTo issue a certificate for a host defined in `config/hosts.yaml`:\n\nbash\nca host issue web-server-example\n\n\n**4. List Certificates**\n\nView all managed certificates and their expiration dates:\n\nbash\nca host list\n\n\n**5. Export and Deploy Certificates**\n\nReactorCA allows flexible export and deployment. You can issue and deploy in one go:\n\nbash\nca host issue web-server-example --deploy\n\n\nOr deploy independently after issuance:\n\nbash\nca host deploy web-server-example\n\n\nFor more detailed examples and advanced workflows, refer to the project's comprehensive documentation.\n\n## Why Use It?\n\nReactorCA stands out for several reasons, making it an excellent choice for homelab and SOHO environments:\n\n*   **Simplified Certificate Management**: It provides a \"one-button\" solution for reissuing and deploying certificates, crucial given the trend towards shorter certificate lifespans.\n*   **Centralized Key Management**: Unlike traditional CA flows that rely on Certificate Signing Requests (CSRs), ReactorCA manages all private keys centrally, simplifying operations.\n*   **Strong Key Protection**: Private keys are securely encrypted using the modern `age` encryption standard, supporting password, SSH key, and hardware token-based protection. This allows for safe storage of your CA store and configuration in version control systems like Git.\n*   **Modern and Efficient**: Built with Go, it compiles into a single, statically-linked binary with no runtime dependencies, making it easy to deploy.\n*   **Comprehensive Features**: Includes certificate inventory, expiration tracking, flexible deployment scripts, and extensive X.509 extension configuration.\n\n## Links\n\n*   **GitHub Repository**: [https://github.com/serpent213/reactor-ca](https://github.com/serpent213/reactor-ca){:target=\"_blank\"}\n*   **Releases Page**: [https://github.com/serpent213/reactor-ca/releases](https://github.com/serpent213/reactor-ca/releases){:target=\"_blank\"}\n*   **Go Reference**: [https://pkg.go.dev/reactor.de/reactor-ca](https://pkg.go.dev/reactor.de/reactor-ca){:target=\"_blank\"}\n*   **Age Encryption Project**: [https://age-encryption.org/](https://age-encryption.org/){:target=\"_blank\"}","metrics":{"detailViews":1,"githubClicks":4},"dates":{"published":null,"modified":"2026-03-05T08:23:46.000Z"}}