DatagroutConduit.Identity (DataGrout Conduit v0.5.0)

mTLS client identity for mutual TLS authentication.

Discovers client certificates from the filesystem or environment variables and provides them to the transport layer for HTTPS connections.

Discovery Order

try_discover/1 searches in this order:

  1. override_dir option (if provided)
  2. CONDUIT_MTLS_CERT + CONDUIT_MTLS_KEY environment variables
  3. CONDUIT_IDENTITY_DIR environment variable
  4. ~/.conduit/identity.pem + identity_key.pem
  5. .conduit/ relative to current working directory

Summary

Functions

from_env()
Creates an identity from CONDUIT_MTLS_CERT and CONDUIT_MTLS_KEY environment variables containing PEM data directly.

from_paths(cert_path, key_path, ca_path \\ nil)
Creates an identity from explicit file paths.

from_pem(cert_pem, key_pem, ca_pem \\ nil)
Creates an identity from PEM-encoded binaries.

needs_rotation?(identity, opts \\ [])
Returns true if the identity's certificate will expire within the given threshold.

try_discover(opts \\ [])
Attempts to discover mTLS identity from the filesystem and environment.

Types

t()

@type t() :: %DatagroutConduit.Identity{
  ca_path: String.t() | nil,
  ca_pem: binary() | nil,
  cert_path: String.t() | nil,
  cert_pem: binary() | nil,
  key_path: String.t() | nil,
  key_pem: binary() | nil
}

Functions

from_env()

@spec from_env() :: {:ok, t()} | {:error, :not_found}

Creates an identity from CONDUIT_MTLS_CERT and CONDUIT_MTLS_KEY environment variables containing PEM data directly.

from_paths(cert_path, key_path, ca_path \\ nil)

@spec from_paths(String.t(), String.t(), String.t() | nil) ::
  {:ok, t()} | {:error, term()}

Creates an identity from explicit file paths.

from_pem(cert_pem, key_pem, ca_pem \\ nil)

@spec from_pem(binary(), binary(), binary() | nil) :: {:ok, t()} | {:error, term()}

Creates an identity from PEM-encoded binaries.

needs_rotation?(identity, opts \\ [])

@spec needs_rotation?(
  t(),
  keyword()
) :: boolean()

Returns true if the identity's certificate will expire within the given threshold.

Options

  • :threshold_days - number of days before expiry to trigger (default: 30)

try_discover(opts \\ [])

@spec try_discover(keyword()) :: t() | nil

Attempts to discover mTLS identity from the filesystem and environment.

Returns %Identity{} if found, nil otherwise.

Options

  • :override_dir - directory to search first (highest priority)
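
Added usage example (not from the DataGrout Conduit documentation): a startup guard that loads an identity with try_discover/1, refuses to continue when none is found, and grades certificate expiry with needs_rotation?/2. The module name MyApp.MtlsGuard, the 7-day threshold and the log summary are assumptions of this example, and it expects the library to be available as a dependency.

```elixir
defmodule MyApp.MtlsGuard do
  # Hypothetical application module, not part of DataGrout Conduit.
  alias DatagroutConduit.Identity
  require Logger

  @doc "Loads the client identity at startup and refuses to continue without one."
  def load!(opts \\ []) do
    # :override_dir is searched first, ahead of the environment and ~/.conduit.
    case Identity.try_discover(Keyword.take(opts, [:override_dir])) do
      nil ->
        # Fail closed rather than connecting without a client certificate.
        raise "no mTLS identity found in any discovery location"

      %Identity{} = identity ->
        Logger.info("mTLS identity loaded: #{inspect(summary(identity))}")
        {rotation_status(identity), identity}
    end
  end

  @doc "Grades expiry with two thresholds (7 days is this example's choice)."
  def rotation_status(%Identity{} = identity) do
    cond do
      Identity.needs_rotation?(identity, threshold_days: 7) -> :rotate_now
      # No option given: the documented default threshold of 30 days applies.
      Identity.needs_rotation?(identity) -> :rotate_soon
      true -> :ok
    end
  end

  @doc "Log-safe view: paths and presence flags only, never PEM contents."
  def summary(%Identity{} = identity) do
    # The struct type has a key_pem field, so the struct itself is not logged.
    %{
      cert_path: identity.cert_path,
      key_path: identity.key_path,
      ca_path: identity.ca_path,
      has_cert_pem: is_binary(identity.cert_pem),
      has_key_pem: is_binary(identity.key_pem),
      has_ca_pem: is_binary(identity.ca_pem)
    }
  end
end
```

Calling `MyApp.MtlsGuard.load!(override_dir: dir)` returns `{status, identity}`, where status is `:ok`, `:rotate_soon` or `:rotate_now`.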