Understanding the integration

The Sectigo SaltStack module hides the complexity of the SCM REST API by acting as an adapter between SaltStack and the Sectigo API. It enables you to request, renew, and revoke certificates on your master and minion nodes.

Components

The Sectigo SaltStack integration is based on the following components:

  • Python client library: This library handles the communication with the Sectigo REST API. This library is delivered as a component of the SaltStack module. It is not designed or delivered as a general-purpose library for Sectigo customers. The intended use for the SaltStack module is to be the only software component that is interacting with this library.

  • SaltStack module: This module mediates the interaction between you, the SaltStack master and minion nodes, and the Sectigo REST API. The module mainly consists of a standard Salt execution routine with minimum dependencies. It supports the enrollment, collection, replacement, renewal, and revocation of SSL and client certificates.

How the integration works

The Sectigo SaltStack integration is designed to allow you to generate certificates on a master node and, in the case of SSL certificates, distribute them onto minion nodes as needed. This functionality is achieved by using Salt runners that are typically placed in the salt/_runners/ directory. Additionally, the Sectigo SaltStack integration allows you to generate certificates directly on minion nodes. This can be achieved by using Salt execution modules that are typically placed in the salt/_modules/ directory.