AntonOfTheWoods · January 3, 2025 15:29
diff --git a/ovh_consumer_key.py b/ovh_consumer_key.py
 # This is a template for getting the famous "consumer key" that you need in order to set up 
 # Let's Encrypt DNS issuing for your domain via the DNS provider

 # See https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b
 # for most details, including the installation of https://github.com/baarde/cert-manager-webhook-ovh.
 # This script is useful for the part: 
 # Then we need to create an OVH API Key , access this URL : And create an API Access with the GET PUT POST DELETE 
 # right on the /<domain>/zone/* (replace with the domain you want to validate).

 # Here are instructions for getting all the credentials you need and configuring this correctly, as it is far from obvious for someone
 # who has never used the OVH api before!

 # Sidebar - OVH's API appears to work on the following principle. You have "apps" that you can create in your own account that will be 
 # owned by you. These "apps" are useless on their own, however, as they need to be activated and given permissions for specific accounts, 
 # even your own. This is the famous "consumer key". So you create an "app" and then get consumer keys for all the client accounts that 
 # you want the app to be able to access. For this you MUST get a key and use it every time you want to interact with an account in 
 # addition to the appication keys. 

 # First go to https://eu.api.ovh.com/createApp/ (or https://us.api.ovh.com/createApp/ for the US I guess) and fill in a name and desc
 # Get the "Application Key" and "Application Secret". You need both of these to get your consumer key.

 # the following python3.6+ will get your consumer key. First install the ovh python client

 # pip install ovh
 # then modify the <your_application_key>, <your_application_secret>, <your_domain> values below and execute:

 import ovh

 app_key = '<your_application_key>'
 app_secret = '<your_application_secret>'
 your_domain = '<your_domain>'

 # create a client using configuration
 client = ovh.Client(
    endpoint='ovh-eu',  # or 'ovh-us' for the US
    application_key=app_key,
    application_secret=app_secret
 )
 perm_base = f"/domain/zone/{your_domain}/*"

 access_rules = [
        {'method': 'GET', 'path': perm_base},
        {'method': 'POST', 'path': perm_base},
        {'method': 'PUT', 'path': perm_base},
        {'method': 'DELETE', 'path': perm_base}
        ]

 validation = client.request_consumerkey(access_rules)

 print(f"Please visit {validation['validationUrl']} to authenticate")

 # Once you have visited that URL and accepted that the "app" access your account, you can use the consumer key. 
 # I advise you select "Unlimited" from the "Validity" dropdown, so cert-manager can just take care of updating your certs when they expire
 # but that is obviously up to you if you want to repeat this every three months!
  
 # You can now continue with
 # https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b
	# This is a template for getting the famous "consumer key" that you need in order to set up
	# Let's Encrypt DNS issuing for your domain via the DNS provider

	# See https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b
	# for most details, including the installation of https://github.com/baarde/cert-manager-webhook-ovh.
	# This script is useful for the part:
	# Then we need to create an OVH API Key , access this URL : And create an API Access with the GET PUT POST DELETE
	# right on the /<domain>/zone/* (replace with the domain you want to validate).

	# Here are instructions for getting all the credentials you need and configuring this correctly, as it is far from obvious for someone
	# who has never used the OVH api before!

	# Sidebar - OVH's API appears to work on the following principle. You have "apps" that you can create in your own account that will be
	# owned by you. These "apps" are useless on their own, however, as they need to be activated and given permissions for specific accounts,
	# even your own. This is the famous "consumer key". So you create an "app" and then get consumer keys for all the client accounts that
	# you want the app to be able to access. For this you MUST get a key and use it every time you want to interact with an account in
	# addition to the appication keys.

	# First go to https://eu.api.ovh.com/createApp/ (or https://us.api.ovh.com/createApp/ for the US I guess) and fill in a name and desc
	# Get the "Application Key" and "Application Secret". You need both of these to get your consumer key.

	# the following python3.6+ will get your consumer key. First install the ovh python client

	# pip install ovh
	# then modify the <your_application_key>, <your_application_secret>, <your_domain> values below and execute:

	import ovh

	app_key = '<your_application_key>'
	app_secret = '<your_application_secret>'
	your_domain = '<your_domain>'

	# create a client using configuration
	client = ovh.Client(
	endpoint='ovh-eu', # or 'ovh-us' for the US
	application_key=app_key,
	application_secret=app_secret
	)
	perm_base = f"/domain/zone/{your_domain}/*"

	access_rules = [
	{'method': 'GET', 'path': perm_base},
	{'method': 'POST', 'path': perm_base},
	{'method': 'PUT', 'path': perm_base},
	{'method': 'DELETE', 'path': perm_base}
	]

	validation = client.request_consumerkey(access_rules)

	print(f"Please visit {validation['validationUrl']} to authenticate")

	# Once you have visited that URL and accepted that the "app" access your account, you can use the consumer key.
	# I advise you select "Unlimited" from the "Validity" dropdown, so cert-manager can just take care of updating your certs when they expire
	# but that is obviously up to you if you want to repeat this every three months!

	# You can now continue with
	# https://medium.com/@gabin.chambon/automatic-certificate-generation-on-kubernetes-with-cert-manager-on-ovh-cloud-a0b58b64279b