# ReactorCA: Homelab/SOHO Certificate Authority with Age Encryption and Deployment This repository profile is provided by osrepos.com, an open source repository discovery platform. Source: osrepos.com Repository profile: https://osrepos.com/repo/serpent213-reactor-ca Generated for open source discovery and AI-assisted research. ReactorCA is a robust Go CLI tool designed for managing a Certificate Authority in homelab or small-office environments. It streamlines the process of issuing, renewing, and deploying TLS certificates for internal services and devices. A key feature is its use of `age` encryption for securely managing private keys, simplifying certificate lifecycle management amidst increasingly shorter validity periods. GitHub: https://github.com/serpent213/reactor-ca OSRepos URL: https://osrepos.com/repo/serpent213-reactor-ca ## Summary ReactorCA is a robust Go CLI tool designed for managing a Certificate Authority in homelab or small-office environments. It streamlines the process of issuing, renewing, and deploying TLS certificates for internal services and devices. A key feature is its use of `age` encryption for securely managing private keys, simplifying certificate lifecycle management amidst increasingly shorter validity periods. ## Topics - certificates - homelab - tls-certificate - x509 - Go - security - devops - cli-tool ## Repository Information Last analyzed by OSRepos: Thu Mar 05 2026 08:23:46 GMT+0000 (Western European Standard Time) Detail views: 1 GitHub clicks: 4 ## Safety Notice OSRepos shares public repositories for knowledge and discovery only. Review source code, dependencies, licenses, and security implications before running or installing anything. ## Content ## Introduction ReactorCA is a command-line interface (CLI) tool written in Go, specifically tailored for setting up and managing a Certificate Authority (CA) within homelab or Small Office/Home Office (SOHO) setups. It addresses the growing challenge of managing TLS certificates for internal services, especially with modern browsers and CAs enforcing shorter certificate validity periods. This tool simplifies the entire certificate lifecycle, from initial CA creation to issuing, renewing, and deploying host certificates. Its standout feature is the secure management of private keys using `age` encryption, allowing for configuration and CA stores to be safely version-controlled, for example, within a Git repository. ## Installation Getting ReactorCA up and running is straightforward. You can either download pre-built binaries or compile it from source. **Pre-built Binaries** The easiest way to install ReactorCA is to download the latest release for your operating system from the official GitHub releases page: [ReactorCA Releases](https://github.com/serpent213/reactor-ca/releases){:target="_blank"} **Build from Source** If you prefer to build from source, ensure you have Go installed, then follow these steps: bash git clone https://github.com/serpent213/reactor-ca.git cd reactor-ca go build -o ca ./cmd/ca ## Examples Here's a quick start guide to demonstrate the core functionalities of ReactorCA: **1. Initialize Configuration** First, create the default configuration files: bash ca init ReactorCA intelligently detects your SSH keys to configure encryption, falling back to password-based encryption if no SSH keys are found. **2. Create CA Certificate** After customizing `config/ca.yaml`, create your self-signed CA: bash ca ca create Remember to install this root CA certificate on all client devices that need to trust your internal hosts. **3. Issue Host Certificate** To issue a certificate for a host defined in `config/hosts.yaml`: bash ca host issue web-server-example **4. List Certificates** View all managed certificates and their expiration dates: bash ca host list **5. Export and Deploy Certificates** ReactorCA allows flexible export and deployment. You can issue and deploy in one go: bash ca host issue web-server-example --deploy Or deploy independently after issuance: bash ca host deploy web-server-example For more detailed examples and advanced workflows, refer to the project's comprehensive documentation. ## Why Use It? ReactorCA stands out for several reasons, making it an excellent choice for homelab and SOHO environments: * **Simplified Certificate Management**: It provides a "one-button" solution for reissuing and deploying certificates, crucial given the trend towards shorter certificate lifespans. * **Centralized Key Management**: Unlike traditional CA flows that rely on Certificate Signing Requests (CSRs), ReactorCA manages all private keys centrally, simplifying operations. * **Strong Key Protection**: Private keys are securely encrypted using the modern `age` encryption standard, supporting password, SSH key, and hardware token-based protection. This allows for safe storage of your CA store and configuration in version control systems like Git. * **Modern and Efficient**: Built with Go, it compiles into a single, statically-linked binary with no runtime dependencies, making it easy to deploy. * **Comprehensive Features**: Includes certificate inventory, expiration tracking, flexible deployment scripts, and extensive X.509 extension configuration. ## Links * **GitHub Repository**: [https://github.com/serpent213/reactor-ca](https://github.com/serpent213/reactor-ca){:target="_blank"} * **Releases Page**: [https://github.com/serpent213/reactor-ca/releases](https://github.com/serpent213/reactor-ca/releases){:target="_blank"} * **Go Reference**: [https://pkg.go.dev/reactor.de/reactor-ca](https://pkg.go.dev/reactor.de/reactor-ca){:target="_blank"} * **Age Encryption Project**: [https://age-encryption.org/](https://age-encryption.org/){:target="_blank"}