Merge branch 'fudiwei-feat/new-workflow-ui' into next

2025-07-18 17:31:55 +08:00 · 2024-12-22 18:37:52 +08:00 · 2024-12-22 18:37:52 +08:00 · ed37add29f
commit ed37add29f
parent 419b6eb626 6d25f9c205
230 changed files with 7124 additions and 14360 deletions
--- a/.gitignore
+++ b/.gitignore
@ -15,8 +15,6 @@ vendor
 pb_data
 build
 main
-/ui/dist/*
-!/ui/dist/.gitkeep
-./dist
-./certimate
+/dist
 /docker/data
+/certimate
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@
 > [!WARNING]
 > 当前分支为 `next`，是 v0.3.x 的开发分支，目前还没有稳定，请勿在生产环境中使用。
 >
-> 如需访问 v0.2.x 源码，请切换至 `main` 分支。
+> 如需访问之前的版本，请切换至 `main` 分支。

 # 🔒Certimate

@ -88,7 +88,7 @@ make local.run
 |    AWS     |      √       |              | 可签发在 AWS Route53 托管的域名                                   |
 | CloudFlare |      √       |              | 可签发在 CloudFlare 注册的域名；CloudFlare 服务自带 SSL 证书      |
 |  GoDaddy   |      √       |              | 可签发在 GoDaddy 注册的域名                                       |
-|  Namesilo  |      √       |              | 可签发在 Namesilo 注册的域名                                      |
+|  NameSilo  |      √       |              | 可签发在 NameSilo 注册的域名                                      |
 |  PowerDNS  |      √       |              | 可签发在 PowerDNS 托管的域名                                      |
 | HTTP 请求  |      √       |              | 可签发允许通过 HTTP 请求修改 DNS 的域名                           |
 |  本地部署  |              |      √       | 可部署到本地服务器                                                |
@ -194,4 +194,3 @@ Certimate 是一个免费且开源的项目，采用 [MIT 开源协议](LICENSE.
 ## 十、Star 趋势图

 [![Stargazers over time](https://starchart.cc/usual2970/certimate.svg?variant=adaptive)](https://starchart.cc/usual2970/certimate)
-
--- a/README_EN.md
+++ b/README_EN.md
@ -76,7 +76,7 @@ password：1234567890
 ## List of Supported Providers

 |   Provider    | Registration | Deployment | Remarks                                                                                                     |
-| :-----------: | :----------: | :--------: |-------------------------------------------------------------------------------------------------------------|
+| :-----------: | :----------: | :--------: | ----------------------------------------------------------------------------------------------------------- |
 | Alibaba Cloud |      √       |     √      | Supports domains registered on Alibaba Cloud; supports deployment to Alibaba Cloud OSS, CDN,SLB             |
 | Tencent Cloud |      √       |     √      | Supports domains registered on Tencent Cloud; supports deployment to Tencent Cloud COS, CDN, ECDN, CLB, TEO |
 |  Baidu Cloud  |              |     √      | Supports deployment to Baidu Cloud CDN                                                                      |
@ -87,7 +87,7 @@ password：1234567890
 |      AWS      |      √       |            | Supports domains managed on AWS Route53                                                                     |
 |  CloudFlare   |      √       |            | Supports domains registered on CloudFlare; CloudFlare services come with SSL certificates                   |
 |    GoDaddy    |      √       |            | Supports domains registered on GoDaddy                                                                      |
-|   Namesilo    |      √       |            | Supports domains registered on Namesilo                                                                     |
+|   NameSilo    |      √       |            | Supports domains registered on NameSilo                                                                     |
 |   PowerDNS    |      √       |            | Supports domains managed on PowerDNS                                                                        |
 | HTTP Request  |      √       |            | Supports domains which allow managing DNS by HTTP request                                                   |
 | Local Deploy  |              |     √      | Supports deployment to local servers                                                                        |
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@ -26,17 +26,23 @@ import (
 	"github.com/pocketbase/pocketbase/models"
 )

+/*
+提供商类型常量值。
+
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
+	NOTICE: If you add new constant, please keep ASCII order.
+*/
 const (
+	configTypeACMEHttpReq  = "acmehttpreq"
 	configTypeAliyun       = "aliyun"
-	configTypeTencent     = "tencent"
-	configTypeHuaweiCloud = "huaweicloud"
-	configTypeAws         = "aws"
+	configTypeAWS          = "aws"
 	configTypeCloudflare   = "cloudflare"
-	configTypeNamesilo    = "namesilo"
-	configTypeGodaddy     = "godaddy"
-	configTypePdns        = "pdns"
-	configTypeHttpreq     = "httpreq"
-	configTypeVolcengine  = "volcengine"
+	configTypeGoDaddy      = "godaddy"
+	configTypeHuaweiCloud  = "huaweicloud"
+	configTypeNameSilo     = "namesilo"
+	configTypePowerDNS     = "powerdns"
+	configTypeTencentCloud = "tencentcloud"
+	configTypeVolcEngine   = "volcengine"
 )

 const defaultSSLProvider = "letsencrypt"
@ -205,23 +211,23 @@ func GetWithTypeOption(t string, option *ApplyOption) (Applicant, error) {
 	switch t {
 	case configTypeAliyun:
 		return NewAliyun(option), nil
-	case configTypeTencent:
+	case configTypeTencentCloud:
 		return NewTencent(option), nil
 	case configTypeHuaweiCloud:
 		return NewHuaweiCloud(option), nil
-	case configTypeAws:
+	case configTypeAWS:
 		return NewAws(option), nil
 	case configTypeCloudflare:
 		return NewCloudflare(option), nil
-	case configTypeNamesilo:
+	case configTypeNameSilo:
 		return NewNamesilo(option), nil
-	case configTypeGodaddy:
+	case configTypeGoDaddy:
 		return NewGodaddy(option), nil
-	case configTypePdns:
+	case configTypePowerDNS:
 		return NewPdns(option), nil
-	case configTypeHttpreq:
+	case configTypeACMEHttpReq:
 		return NewHttpreq(option), nil
-	case configTypeVolcengine:
+	case configTypeVolcEngine:
 		return NewVolcengine(option), nil
 	default:
 		return nil, errors.New("unknown config type")
@ -244,7 +250,7 @@ type SSLProviderEab struct {
 }

 func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, error) {
-	record, _ := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='ssl-provider'")
+	record, _ := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='sslProvider'")

 	sslProvider := &SSLProviderConfig{
 		Config:   SSLProviderConfigContent{},
--- a/internal/certificate/service.go
+++ b/internal/certificate/service.go
@ -61,7 +61,7 @@ func buildMsg(records []domain.Certificate) *domain.NotifyMessage {

 	// 查询模板信息
 	settingRepo := repository.NewSettingRepository()
-	setting, err := settingRepo.GetByName(context.Background(), "templates")
+	setting, err := settingRepo.GetByName(context.Background(), "notifyTemplates")

 	subject := defaultExpireSubject
 	message := defaultExpireMessage
--- a/internal/deployer/aliyun_alb.go
+++ b/internal/deployer/aliyun_alb.go
@ -1,281 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-
-	aliyunAlb "github.com/alibabacloud-go/alb-20200616/v2/client"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	"github.com/alibabacloud-go/tea/tea"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
-)
-
-type AliyunALBDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *aliyunAlb.Client
-	sslUploader uploader.Uploader
-}
-
-func NewAliyunALBDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunALBDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
-	if aliCasRegion != "" {
-		// 阿里云 CAS 服务接入点是独立于 ALB 服务的
-		// 国内版接入点：华东一杭州
-		// 国际版接入点：亚太东南一新加坡
-		if !strings.HasPrefix(aliCasRegion, "cn-") {
-			aliCasRegion = "ap-southeast-1"
-		} else {
-			aliCasRegion = "cn-hangzhou"
-		}
-	}
-	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		AccessKeySecret: access.AccessKeySecret,
-		Region:          aliCasRegion,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &AliyunALBDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *AliyunALBDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunALBDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunALBDeployer) Deploy(ctx context.Context) error {
-	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
-	case "loadbalancer":
-		if err := d.deployToLoadbalancer(ctx); err != nil {
-			return err
-		}
-	case "listener":
-		if err := d.deployToListener(ctx); err != nil {
-			return err
-		}
-	default:
-		return errors.New("unsupported resource type")
-	}
-
-	return nil
-}
-
-func (d *AliyunALBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunAlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // ALB 服务默认区域：华东一杭州
-	}
-
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-
-	var endpoint string
-	switch region {
-	case "cn-hangzhou-finance":
-		endpoint = "alb.cn-hangzhou.aliyuncs.com"
-	default:
-		endpoint = fmt.Sprintf("alb.%s.aliyuncs.com", region)
-	}
-	aConfig.Endpoint = tea.String(endpoint)
-
-	client, err := aliyunAlb.NewClient(aConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
-
-func (d *AliyunALBDeployer) deployToLoadbalancer(ctx context.Context) error {
-	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	if aliLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	aliListenerIds := make([]string, 0)
-
-	// 查询负载均衡实例的详细信息
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getloadbalancerattribute
-	getLoadBalancerAttributeReq := &aliyunAlb.GetLoadBalancerAttributeRequest{
-		LoadBalancerId: tea.String(aliLoadbalancerId),
-	}
-	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetLoadBalancerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例", getLoadBalancerAttributeResp))
-
-	// 查询 HTTPS 监听列表
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage := 1
-	listListenersLimit := int32(100)
-	var listListenersToken *string = nil
-	for {
-		listListenersReq := &aliyunAlb.ListListenersRequest{
-			MaxResults:       tea.Int32(listListenersLimit),
-			NextToken:        listListenersToken,
-			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
-			ListenerProtocol: tea.String("HTTPS"),
-		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
-		}
-
-		if listListenersResp.Body.Listeners != nil {
-			for _, listener := range listListenersResp.Body.Listeners {
-				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
-			}
-		}
-
-		if listListenersResp.Body.NextToken == nil {
-			break
-		} else {
-			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 HTTPS 监听", aliListenerIds))
-
-	// 查询 QUIC 监听列表
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-listlisteners
-	listListenersPage = 1
-	listListenersToken = nil
-	for {
-		listListenersReq := &aliyunAlb.ListListenersRequest{
-			MaxResults:       tea.Int32(listListenersLimit),
-			NextToken:        listListenersToken,
-			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
-			ListenerProtocol: tea.String("QUIC"),
-		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'alb.ListListeners'")
-		}
-
-		if listListenersResp.Body.Listeners != nil {
-			for _, listener := range listListenersResp.Body.Listeners {
-				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
-			}
-		}
-
-		if listListenersResp.Body.NextToken == nil {
-			break
-		} else {
-			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ALB 负载均衡实例下的全部 QUIC 监听", aliListenerIds))
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 批量更新监听证书
-	var errs []error
-	for _, aliListenerId := range aliListenerIds {
-		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
-	}
-
-	return nil
-}
-
-func (d *AliyunALBDeployer) deployToListener(ctx context.Context) error {
-	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	if aliListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 更新监听
-	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *AliyunALBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
-	// 查询监听的属性
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-getlistenerattribute
-	getListenerAttributeReq := &aliyunAlb.GetListenerAttributeRequest{
-		ListenerId: tea.String(aliListenerId),
-	}
-	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.GetListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ALB 监听配置", getListenerAttributeResp))
-
-	// 修改监听的属性
-	// REF: https://help.aliyun.com/zh/slb/application-load-balancer/developer-reference/api-alb-2020-06-16-updatelistenerattribute
-	updateListenerAttributeReq := &aliyunAlb.UpdateListenerAttributeRequest{
-		ListenerId: tea.String(aliListenerId),
-		Certificates: []*aliyunAlb.UpdateListenerAttributeRequestCertificates{{
-			CertificateId: tea.String(aliCertId),
-		}},
-	}
-	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'alb.UpdateListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新 ALB 监听配置", updateListenerAttributeResp))
-
-	return nil
-}
--- a/internal/deployer/aliyun_cdn.go
+++ b/internal/deployer/aliyun_cdn.go
@ -1,88 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-
-	aliyunCdn "github.com/alibabacloud-go/cdn-20180510/v5/client"
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	"github.com/alibabacloud-go/tea/tea"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type AliyunCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient *aliyunCdn.Client
-}
-
-func NewAliyunCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunCDNDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	return &AliyunCDNDeployer{
-		option:    option,
-		infos:     make([]string, 0),
-		sdkClient: client,
-	}, nil
-}
-
-func (d *AliyunCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunCDNDeployer) Deploy(ctx context.Context) error {
-	// 设置 CDN 域名域名证书
-	// REF: https://help.aliyun.com/zh/cdn/developer-reference/api-cdn-2018-05-10-setcdndomainsslcertificate
-	setCdnDomainSSLCertificateReq := &aliyunCdn.SetCdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(d.option.DeployConfig.GetConfigAsString("domain")),
-		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
-		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
-		CertType:    tea.String("upload"),
-		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(d.option.Certificate.Certificate),
-		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
-	}
-	setCdnDomainSSLCertificateResp, err := d.sdkClient.SetCdnDomainSSLCertificate(setCdnDomainSSLCertificateReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.SetCdnDomainSSLCertificate'")
-	}
-
-	d.infos = append(d.infos, toStr("已设置 CDN 域名证书", setCdnDomainSSLCertificateResp))
-
-	return nil
-}
-
-func (d *AliyunCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunCdn.Client, error) {
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String("cdn.aliyuncs.com"),
-	}
-
-	client, err := aliyunCdn.NewClient(aConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/aliyun_clb.go
+++ b/internal/deployer/aliyun_clb.go
@ -1,286 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
-	"github.com/alibabacloud-go/tea/tea"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderAliyunSlb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-slb"
-)
-
-type AliyunCLBDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *aliyunSlb.Client
-	sslUploader uploader.Uploader
-}
-
-func NewAliyunCLBDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunCLBDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	uploader, err := uploaderAliyunSlb.New(&uploaderAliyunSlb.AliyunSLBUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		AccessKeySecret: access.AccessKeySecret,
-		Region:          option.DeployConfig.GetConfigAsString("region"),
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &AliyunCLBDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *AliyunCLBDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunCLBDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunCLBDeployer) Deploy(ctx context.Context) error {
-	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
-	case "loadbalancer":
-		if err := d.deployToLoadbalancer(ctx); err != nil {
-			return err
-		}
-	case "listener":
-		if err := d.deployToListener(ctx); err != nil {
-			return err
-		}
-	default:
-		return errors.New("unsupported resource type")
-	}
-
-	return nil
-}
-
-func (d *AliyunCLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // CLB(SLB) 服务默认区域：华东一杭州
-	}
-
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-
-	var endpoint string
-	switch region {
-	case
-		"cn-hangzhou",
-		"cn-hangzhou-finance",
-		"cn-shanghai-finance-1",
-		"cn-shenzhen-finance-1":
-		endpoint = "slb.aliyuncs.com"
-	default:
-		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
-	}
-	aConfig.Endpoint = tea.String(endpoint)
-
-	client, err := aliyunSlb.NewClient(aConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
-
-func (d *AliyunCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
-	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	aliListenerPorts := make([]int32, 0)
-	if aliLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	// 查询负载均衡实例的详细信息
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerattribute
-	describeLoadBalancerAttributeReq := &aliyunSlb.DescribeLoadBalancerAttributeRequest{
-		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
-		LoadBalancerId: tea.String(aliLoadbalancerId),
-	}
-	describeLoadBalancerAttributeResp, err := d.sdkClient.DescribeLoadBalancerAttribute(describeLoadBalancerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例", describeLoadBalancerAttributeResp))
-
-	// 查询 HTTPS 监听列表
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerlisteners
-	listListenersPage := 1
-	listListenersLimit := int32(100)
-	var listListenersToken *string = nil
-	for {
-		describeLoadBalancerListenersReq := &aliyunSlb.DescribeLoadBalancerListenersRequest{
-			RegionId:         tea.String(d.option.DeployConfig.GetConfigAsString("region")),
-			MaxResults:       tea.Int32(listListenersLimit),
-			NextToken:        listListenersToken,
-			LoadBalancerId:   []*string{tea.String(aliLoadbalancerId)},
-			ListenerProtocol: tea.String("https"),
-		}
-		describeLoadBalancerListenersResp, err := d.sdkClient.DescribeLoadBalancerListeners(describeLoadBalancerListenersReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerListeners'")
-		}
-
-		if describeLoadBalancerListenersResp.Body.Listeners != nil {
-			for _, listener := range describeLoadBalancerListenersResp.Body.Listeners {
-				aliListenerPorts = append(aliListenerPorts, *listener.ListenerPort)
-			}
-		}
-
-		if describeLoadBalancerListenersResp.Body.NextToken == nil {
-			break
-		} else {
-			listListenersToken = describeLoadBalancerListenersResp.Body.NextToken
-			listListenersPage += 1
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 CLB 负载均衡实例下的全部 HTTPS 监听", aliListenerPorts))
-
-	// 上传证书到 SLB
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 批量更新监听证书
-	var errs []error
-	for _, aliListenerPort := range aliListenerPorts {
-		if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
-	}
-
-	return nil
-}
-
-func (d *AliyunCLBDeployer) deployToListener(ctx context.Context) error {
-	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	if aliLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	aliListenerPort := d.option.DeployConfig.GetConfigAsInt32("listenerPort")
-	if aliListenerPort == 0 {
-		return errors.New("`listenerPort` is required")
-	}
-
-	// 上传证书到 SLB
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 更新监听
-	if err := d.updateListenerCertificate(ctx, aliLoadbalancerId, aliListenerPort, upres.CertId); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *AliyunCLBDeployer) updateListenerCertificate(ctx context.Context, aliLoadbalancerId string, aliListenerPort int32, aliCertId string) error {
-	// 查询监听配置
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeloadbalancerhttpslistenerattribute
-	describeLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.DescribeLoadBalancerHTTPSListenerAttributeRequest{
-		LoadBalancerId: tea.String(aliLoadbalancerId),
-		ListenerPort:   tea.Int32(aliListenerPort),
-	}
-	describeLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.DescribeLoadBalancerHTTPSListenerAttribute(describeLoadBalancerHTTPSListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeLoadBalancerHTTPSListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 CLB HTTPS 监听配置", describeLoadBalancerHTTPSListenerAttributeResp))
-
-	// 查询扩展域名
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describedomainextensions
-	describeDomainExtensionsReq := &aliyunSlb.DescribeDomainExtensionsRequest{
-		RegionId:       tea.String(d.option.DeployConfig.GetConfigAsString("region")),
-		LoadBalancerId: tea.String(aliLoadbalancerId),
-		ListenerPort:   tea.Int32(aliListenerPort),
-	}
-	describeDomainExtensionsResp, err := d.sdkClient.DescribeDomainExtensions(describeDomainExtensionsReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeDomainExtensions'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 CLB 扩展域名", describeDomainExtensionsResp))
-
-	// 遍历修改扩展域名
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setdomainextensionattribute
-	//
-	// 这里仅修改跟被替换证书一致的扩展域名
-	if describeDomainExtensionsResp.Body.DomainExtensions != nil && describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension != nil {
-		for _, domainExtension := range describeDomainExtensionsResp.Body.DomainExtensions.DomainExtension {
-			if *domainExtension.ServerCertificateId != *describeLoadBalancerHTTPSListenerAttributeResp.Body.ServerCertificateId {
-				continue
-			}
-
-			setDomainExtensionAttributeReq := &aliyunSlb.SetDomainExtensionAttributeRequest{
-				RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
-				DomainExtensionId:   tea.String(*domainExtension.DomainExtensionId),
-				ServerCertificateId: tea.String(aliCertId),
-			}
-			_, err := d.sdkClient.SetDomainExtensionAttribute(setDomainExtensionAttributeReq)
-			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetDomainExtensionAttribute'")
-			}
-		}
-	}
-
-	// 修改监听配置
-	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-setloadbalancerhttpslistenerattribute
-	//
-	// 注意修改监听配置要放在修改扩展域名之后
-	setLoadBalancerHTTPSListenerAttributeReq := &aliyunSlb.SetLoadBalancerHTTPSListenerAttributeRequest{
-		RegionId:            tea.String(d.option.DeployConfig.GetConfigAsString("region")),
-		LoadBalancerId:      tea.String(aliLoadbalancerId),
-		ListenerPort:        tea.Int32(aliListenerPort),
-		ServerCertificateId: tea.String(aliCertId),
-	}
-	setLoadBalancerHTTPSListenerAttributeResp, err := d.sdkClient.SetLoadBalancerHTTPSListenerAttribute(setLoadBalancerHTTPSListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'slb.SetLoadBalancerHTTPSListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新 CLB HTTPS 监听配置", setLoadBalancerHTTPSListenerAttributeResp))
-
-	return nil
-}
--- a/internal/deployer/aliyun_dcdn.go
+++ b/internal/deployer/aliyun_dcdn.go
@ -1,95 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-	"time"
-
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunDcdn "github.com/alibabacloud-go/dcdn-20180115/v3/client"
-	"github.com/alibabacloud-go/tea/tea"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type AliyunDCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient *aliyunDcdn.Client
-}
-
-func NewAliyunDCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunDCDNDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	return &AliyunDCDNDeployer{
-		option:    option,
-		infos:     make([]string, 0),
-		sdkClient: client,
-	}, nil
-}
-
-func (d *AliyunDCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunDCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunDCDNDeployer) Deploy(ctx context.Context) error {
-	// 支持泛解析域名，在 Aliyun DCDN 中泛解析域名表示为 .example.com
-	domain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(domain, "*") {
-		domain = strings.TrimPrefix(domain, "*")
-	}
-
-	// 配置域名证书
-	// REF: https://help.aliyun.com/zh/edge-security-acceleration/dcdn/developer-reference/api-dcdn-2018-01-15-setdcdndomainsslcertificate
-	setDcdnDomainSSLCertificateReq := &aliyunDcdn.SetDcdnDomainSSLCertificateRequest{
-		DomainName:  tea.String(domain),
-		CertRegion:  tea.String(d.option.DeployConfig.GetConfigOrDefaultAsString("region", "cn-hangzhou")),
-		CertName:    tea.String(fmt.Sprintf("certimate-%d", time.Now().UnixMilli())),
-		CertType:    tea.String("upload"),
-		SSLProtocol: tea.String("on"),
-		SSLPub:      tea.String(d.option.Certificate.Certificate),
-		SSLPri:      tea.String(d.option.Certificate.PrivateKey),
-	}
-	setDcdnDomainSSLCertificateResp, err := d.sdkClient.SetDcdnDomainSSLCertificate(setDcdnDomainSSLCertificateReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'dcdn.SetDcdnDomainSSLCertificate'")
-	}
-
-	d.infos = append(d.infos, toStr("已配置 DCDN 域名证书", setDcdnDomainSSLCertificateResp))
-
-	return nil
-}
-
-func (d *AliyunDCDNDeployer) createSdkClient(accessKeyId, accessKeySecret string) (*aliyunDcdn.Client, error) {
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-		Endpoint:        tea.String("dcdn.aliyuncs.com"),
-	}
-
-	client, err := aliyunDcdn.NewClient(aConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/aliyun_nlb.go
+++ b/internal/deployer/aliyun_nlb.go
@ -1,245 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-
-	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
-	aliyunNlb "github.com/alibabacloud-go/nlb-20220430/v2/client"
-	"github.com/alibabacloud-go/tea/tea"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderAliyunCas "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/aliyun-cas"
-)
-
-type AliyunNLBDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *aliyunNlb.Client
-	sslUploader uploader.Uploader
-}
-
-func NewAliyunNLBDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunNLBDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	aliCasRegion := option.DeployConfig.GetConfigAsString("region")
-	if aliCasRegion != "" {
-		// 阿里云 CAS 服务接入点是独立于 NLB 服务的
-		// 国内版接入点：华东一杭州
-		// 国际版接入点：亚太东南一新加坡
-		if !strings.HasPrefix(aliCasRegion, "cn-") {
-			aliCasRegion = "ap-southeast-1"
-		} else {
-			aliCasRegion = "cn-hangzhou"
-		}
-	}
-	uploader, err := uploaderAliyunCas.New(&uploaderAliyunCas.AliyunCASUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		AccessKeySecret: access.AccessKeySecret,
-		Region:          aliCasRegion,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &AliyunNLBDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *AliyunNLBDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunNLBDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunNLBDeployer) Deploy(ctx context.Context) error {
-	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
-	case "loadbalancer":
-		if err := d.deployToLoadbalancer(ctx); err != nil {
-			return err
-		}
-	case "listener":
-		if err := d.deployToListener(ctx); err != nil {
-			return err
-		}
-	default:
-		return errors.New("unsupported resource type")
-	}
-
-	return nil
-}
-
-func (d *AliyunNLBDeployer) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunNlb.Client, error) {
-	if region == "" {
-		region = "cn-hangzhou" // NLB 服务默认区域：华东一杭州
-	}
-
-	aConfig := &aliyunOpen.Config{
-		AccessKeyId:     tea.String(accessKeyId),
-		AccessKeySecret: tea.String(accessKeySecret),
-	}
-
-	var endpoint string
-	switch region {
-	default:
-		endpoint = fmt.Sprintf("nlb.%s.aliyuncs.com", region)
-	}
-	aConfig.Endpoint = tea.String(endpoint)
-
-	client, err := aliyunNlb.NewClient(aConfig)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
-
-func (d *AliyunNLBDeployer) deployToLoadbalancer(ctx context.Context) error {
-	aliLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	if aliLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	aliListenerIds := make([]string, 0)
-
-	// 查询负载均衡实例的详细信息
-	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getloadbalancerattribute
-	getLoadBalancerAttributeReq := &aliyunNlb.GetLoadBalancerAttributeRequest{
-		LoadBalancerId: tea.String(aliLoadbalancerId),
-	}
-	getLoadBalancerAttributeResp, err := d.sdkClient.GetLoadBalancerAttribute(getLoadBalancerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetLoadBalancerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例", getLoadBalancerAttributeResp))
-
-	// 查询 TCPSSL 监听列表
-	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-listlisteners
-	listListenersPage := 1
-	listListenersLimit := int32(100)
-	var listListenersToken *string = nil
-	for {
-		listListenersReq := &aliyunNlb.ListListenersRequest{
-			MaxResults:       tea.Int32(listListenersLimit),
-			NextToken:        listListenersToken,
-			LoadBalancerIds:  []*string{tea.String(aliLoadbalancerId)},
-			ListenerProtocol: tea.String("TCPSSL"),
-		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'nlb.ListListeners'")
-		}
-
-		if listListenersResp.Body.Listeners != nil {
-			for _, listener := range listListenersResp.Body.Listeners {
-				aliListenerIds = append(aliListenerIds, *listener.ListenerId)
-			}
-		}
-
-		if listListenersResp.Body.NextToken == nil {
-			break
-		} else {
-			listListenersToken = listListenersResp.Body.NextToken
-			listListenersPage += 1
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 NLB 负载均衡实例下的全部 TCPSSL 监听", aliListenerIds))
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 批量更新监听证书
-	var errs []error
-	for _, aliListenerId := range aliListenerIds {
-		if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
-	}
-
-	return nil
-}
-
-func (d *AliyunNLBDeployer) deployToListener(ctx context.Context) error {
-	aliListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	if aliListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 更新监听
-	if err := d.updateListenerCertificate(ctx, aliListenerId, upres.CertId); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *AliyunNLBDeployer) updateListenerCertificate(ctx context.Context, aliListenerId string, aliCertId string) error {
-	// 查询监听的属性
-	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-getlistenerattribute
-	getListenerAttributeReq := &aliyunNlb.GetListenerAttributeRequest{
-		ListenerId: tea.String(aliListenerId),
-	}
-	getListenerAttributeResp, err := d.sdkClient.GetListenerAttribute(getListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.GetListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 NLB 监听配置", getListenerAttributeResp))
-
-	// 修改监听的属性
-	// REF: https://help.aliyun.com/zh/slb/network-load-balancer/developer-reference/api-nlb-2022-04-30-updatelistenerattribute
-	updateListenerAttributeReq := &aliyunNlb.UpdateListenerAttributeRequest{
-		ListenerId:     tea.String(aliListenerId),
-		CertificateIds: []*string{tea.String(aliCertId)},
-	}
-	updateListenerAttributeResp, err := d.sdkClient.UpdateListenerAttribute(updateListenerAttributeReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'nlb.UpdateListenerAttribute'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新 NLB 监听配置", updateListenerAttributeResp))
-
-	return nil
-}
--- a/internal/deployer/aliyun_oss.go
+++ b/internal/deployer/aliyun_oss.go
@ -1,86 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"github.com/aliyun/aliyun-oss-go-sdk/oss"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type AliyunOSSDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient *oss.Client
-}
-
-func NewAliyunOSSDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.AliyunAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&AliyunOSSDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.AccessKeySecret,
-		option.DeployConfig.GetConfigAsString("endpoint"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	return &AliyunOSSDeployer{
-		option:    option,
-		infos:     make([]string, 0),
-		sdkClient: client,
-	}, nil
-}
-
-func (d *AliyunOSSDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *AliyunOSSDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *AliyunOSSDeployer) Deploy(ctx context.Context) error {
-	aliBucket := d.option.DeployConfig.GetConfigAsString("bucket")
-	if aliBucket == "" {
-		return errors.New("`bucket` is required")
-	}
-
-	// 为存储空间绑定自定义域名
-	// REF: https://help.aliyun.com/zh/oss/developer-reference/putcname
-	err := d.sdkClient.PutBucketCnameWithCertificate(aliBucket, oss.PutBucketCname{
-		Cname: d.option.DeployConfig.GetConfigAsString("domain"),
-		CertificateConfiguration: &oss.CertificateConfiguration{
-			Certificate: d.option.Certificate.Certificate,
-			PrivateKey:  d.option.Certificate.PrivateKey,
-			Force:       true,
-		},
-	})
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'oss.PutBucketCnameWithCertificate'")
-	}
-
-	return nil
-}
-
-func (d *AliyunOSSDeployer) createSdkClient(accessKeyId, accessKeySecret, endpoint string) (*oss.Client, error) {
-	if endpoint == "" {
-		endpoint = "oss.aliyuncs.com"
-	}
-
-	client, err := oss.New(endpoint, accessKeyId, accessKeySecret)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/baiducloud_cdn.go
+++ b/internal/deployer/baiducloud_cdn.go
@ -1,80 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"time"
-
-	bceCdn "github.com/baidubce/bce-sdk-go/services/cdn"
-	bceCdnApi "github.com/baidubce/bce-sdk-go/services/cdn/api"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type BaiduCloudCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient *bceCdn.Client
-}
-
-func NewBaiduCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.BaiduCloudAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&BaiduCloudCDNDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.SecretAccessKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	return &BaiduCloudCDNDeployer{
-		option:    option,
-		infos:     make([]string, 0),
-		sdkClient: client,
-	}, nil
-}
-
-func (d *BaiduCloudCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *BaiduCloudCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *BaiduCloudCDNDeployer) Deploy(ctx context.Context) error {
-	// 修改域名证书
-	// REF: https://cloud.baidu.com/doc/CDN/s/qjzuz2hp8
-	putCertResp, err := d.sdkClient.PutCert(
-		d.option.DeployConfig.GetConfigAsString("domain"),
-		&bceCdnApi.UserCertificate{
-			CertName:    fmt.Sprintf("certimate-%d", time.Now().UnixMilli()),
-			ServerData:  d.option.Certificate.Certificate,
-			PrivateData: d.option.Certificate.PrivateKey,
-		},
-		"ON",
-	)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.PutCert'")
-	}
-
-	d.infos = append(d.infos, toStr("已修改域名证书", putCertResp))
-
-	return nil
-}
-
-func (d *BaiduCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey string) (*bceCdn.Client, error) {
-	client, err := bceCdn.NewClient(accessKeyId, secretAccessKey, "")
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/byteplus_cdn.go
+++ b/internal/deployer/byteplus_cdn.go
@ -1,116 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	bytepluscdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/byteplus-cdn"
-
-	"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
-	xerrors "github.com/pkg/errors"
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-)
-
-type ByteplusCDNDeployer struct {
-	option      *DeployerOption
-	infos       []string
-	sdkClient   *cdn.CDN
-	sslUploader uploader.Uploader
-}
-
-func NewByteplusCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.ByteplusAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-	client := cdn.NewInstance()
-	client.Client.SetAccessKey(access.AccessKey)
-	client.Client.SetSecretKey(access.SecretKey)
-	uploader, err := bytepluscdn.New(&bytepluscdn.ByteplusCDNUploaderConfig{
-		AccessKey: access.AccessKey,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-	return &ByteplusCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *ByteplusCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *ByteplusCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *ByteplusCDNDeployer) Deploy(ctx context.Context) error {
-	apiCtx := context.Background()
-	// 上传证书
-	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	domains := make([]string, 0)
-	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(configDomain, "*.") {
-		// 获取证书可以部署的域名
-		// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-describecertconfig-9ea17
-		describeCertConfigReq := &cdn.DescribeCertConfigRequest{
-			CertId: upres.CertId,
-		}
-		describeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertConfig'")
-		}
-		for i := range describeCertConfigResp.Result.CertNotConfig {
-			// 当前未启用 HTTPS 的加速域名列表。
-			domains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain)
-		}
-		for i := range describeCertConfigResp.Result.OtherCertConfig {
-			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联的证书不是您指定的证书。
-			domains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain)
-		}
-		for i := range describeCertConfigResp.Result.SpecifiedCertConfig {
-			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联了您指定的证书。
-			d.infos = append(d.infos, fmt.Sprintf("%s域名已配置该证书", describeCertConfigResp.Result.SpecifiedCertConfig[i].Domain))
-		}
-		if len(domains) == 0 {
-			if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 {
-				// 所有匹配的域名都配置了该证书，跳过部署
-				return nil
-			} else {
-				return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
-			}
-		}
-	} else {
-		domains = append(domains, configDomain)
-	}
-	// 部署证书
-	// REF: https://github.com/byteplus-sdk/byteplus-sdk-golang/blob/master/service/cdn/api_list.go#L306
-	for i := range domains {
-		batchDeployCertReq := &cdn.BatchDeployCertRequest{
-			CertId: upres.CertId,
-			Domain: domains[i],
-		}
-		batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BatchDeployCert'")
-		} else {
-			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), batchDeployCertResp))
-		}
-	}
-
-	return nil
-}
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@ -2,41 +2,46 @@ package deployer

 import (
 	"context"
-	"encoding/json"
-	"errors"
 	"fmt"

 	"github.com/pocketbase/pocketbase/models"

 	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
 	"github.com/usual2970/certimate/internal/repository"
 )

+/*
+提供商部署目标常量值。
+
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
+	NOTICE: If you add new constant, please keep ASCII order.
+*/
 const (
-	targetAliyunOSS      = "aliyun-oss"
-	targetAliyunCDN      = "aliyun-cdn"
-	targetAliyunDCDN     = "aliyun-dcdn"
-	targetAliyunCLB      = "aliyun-clb"
 	targetAliyunALB        = "aliyun-alb"
+	targetAliyunCDN        = "aliyun-cdn"
+	targetAliyunCLB        = "aliyun-clb"
+	targetAliyunDCDN       = "aliyun-dcdn"
 	targetAliyunNLB        = "aliyun-nlb"
-	targetTencentCDN     = "tencent-cdn"
-	targetTencentECDN    = "tencent-ecdn"
-	targetTencentCLB     = "tencent-clb"
-	targetTencentCOS     = "tencent-cos"
-	targetTencentTEO     = "tencent-teo"
+	targetAliyunOSS        = "aliyun-oss"
+	targetBaiduCloudCDN    = "baiducloud-cdn"
+	targetBytePlusCDN      = "byteplus-cdn"
+	targetDogeCloudCDN     = "dogecloud-cdn"
 	targetHuaweiCloudCDN   = "huaweicloud-cdn"
 	targetHuaweiCloudELB   = "huaweicloud-elb"
-	targetBaiduCloudCDN  = "baiducloud-cdn"
-	targetVolcEngineLive = "volcengine-live"
-	targetVolcEngineCDN  = "volcengine-cdn"
-	targetBytePlusCDN    = "byteplus-cdn"
-	targetQiniuCdn       = "qiniu-cdn"
-	targetDogeCloudCdn   = "dogecloud-cdn"
-	targetLocal          = "local"
-	targetSSH            = "ssh"
-	targetWebhook        = "webhook"
 	targetK8sSecret        = "k8s-secret"
+	targetLocal            = "local"
+	targetQiniuCDN         = "qiniu-cdn"
+	targetSSH              = "ssh"
+	targetTencentCloudCDN  = "tencentcloud-cdn"
+	targetTencentCloudCLB  = "tencentcloud-clb"
+	targetTencentCloudCOS  = "tencentcloud-cos"
+	targetTencentCloudECDN = "tencentcloud-ecdn"
+	targetTencentCloudEO   = "tencentcloud-eo"
+	targetVolcEngineCDN    = "volcengine-cdn"
+	targetVolcEngineLive   = "volcengine-live"
+	targetWebhook          = "webhook"
 )

 type DeployerOption struct {
@ -73,7 +78,7 @@ func Gets(record *models.Record, cert *applicant.Certificate) ([]Deployer, error
 	}

 	for _, deployConfig := range deployConfigs {
-		deployer, err := getWithDeployConfig(record, cert, deployConfig)
+		deployer, err := newWithDeployConfig(record, cert, deployConfig)
 		if err != nil {
 			return nil, err
 		}
@ -85,10 +90,10 @@ func Gets(record *models.Record, cert *applicant.Certificate) ([]Deployer, error
 }

 func GetWithTypeAndOption(deployType string, option *DeployerOption) (Deployer, error) {
-	return getWithTypeAndOption(deployType, option)
+	return newWithTypeAndOption(deployType, option)
 }

-func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, deployConfig domain.DeployConfig) (Deployer, error) {
+func newWithDeployConfig(record *models.Record, cert *applicant.Certificate, deployConfig domain.DeployConfig) (Deployer, error) {
 	accessRepo := repository.NewAccessRepository()
 	access, err := accessRepo.GetById(context.Background(), deployConfig.Access)
 	if err != nil {
@ -111,65 +116,38 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		}
 	}

-	return getWithTypeAndOption(deployConfig.Type, option)
+	return newWithTypeAndOption(deployConfig.Type, option)
 }

-func getWithTypeAndOption(deployType string, option *DeployerOption) (Deployer, error) {
-	switch deployType {
-	case targetAliyunOSS:
-		return NewAliyunOSSDeployer(option)
-	case targetAliyunCDN:
-		return NewAliyunCDNDeployer(option)
-	case targetAliyunDCDN:
-		return NewAliyunDCDNDeployer(option)
-	case targetAliyunCLB:
-		return NewAliyunCLBDeployer(option)
-	case targetAliyunALB:
-		return NewAliyunALBDeployer(option)
-	case targetAliyunNLB:
-		return NewAliyunNLBDeployer(option)
-	case targetTencentCDN:
-		return NewTencentCDNDeployer(option)
-	case targetTencentECDN:
-		return NewTencentECDNDeployer(option)
-	case targetTencentCLB:
-		return NewTencentCLBDeployer(option)
-	case targetTencentCOS:
-		return NewTencentCOSDeployer(option)
-	case targetTencentTEO:
-		return NewTencentTEODeployer(option)
-	case targetHuaweiCloudCDN:
-		return NewHuaweiCloudCDNDeployer(option)
-	case targetHuaweiCloudELB:
-		return NewHuaweiCloudELBDeployer(option)
-	case targetBaiduCloudCDN:
-		return NewBaiduCloudCDNDeployer(option)
-	case targetQiniuCdn:
-		return NewQiniuCDNDeployer(option)
-	case targetDogeCloudCdn:
-		return NewDogeCloudCDNDeployer(option)
-	case targetLocal:
-		return NewLocalDeployer(option)
-	case targetSSH:
-		return NewSSHDeployer(option)
-	case targetWebhook:
-		return NewWebhookDeployer(option)
-	case targetK8sSecret:
-		return NewK8sSecretDeployer(option)
-	case targetVolcEngineLive:
-		return NewVolcengineLiveDeployer(option)
-	case targetVolcEngineCDN:
-		return NewVolcengineCDNDeployer(option)
-	case targetBytePlusCDN:
-		return NewByteplusCDNDeployer(option)
-	}
-	return nil, errors.New("unsupported deploy target")
+func newWithTypeAndOption(deployType string, option *DeployerOption) (Deployer, error) {
+	deployer, logger, err := createDeployer(deployType, option.AccessRecord.Config, option.DeployConfig.Config)
+	if err != nil {
+		return nil, err
 	}

-func toStr(tag string, data any) string {
-	if data == nil {
-		return tag
+	return &proxyDeployer{
+		option:   option,
+		logger:   logger,
+		deployer: deployer,
+	}, nil
 }
-	byts, _ := json.Marshal(data)
-	return tag + "：" + string(byts)
+
+// TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
+type proxyDeployer struct {
+	option   *DeployerOption
+	logger   deployer.Logger
+	deployer deployer.Deployer
+}
+
+func (d *proxyDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *proxyDeployer) GetInfos() []string {
+	return d.logger.GetRecords()
+}
+
+func (d *proxyDeployer) Deploy(ctx context.Context) error {
+	_, err := d.deployer.Deploy(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	return err
 }
--- a/internal/deployer/dogecloud_cdn.go
+++ b/internal/deployer/dogecloud_cdn.go
@ -1,88 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strconv"
-
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderDoge "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/dogecloud"
-	doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
-)
-
-type DogeCloudCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *doge.Client
-	sslUploader uploader.Uploader
-}
-
-func NewDogeCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.DogeCloudAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&DogeCloudCDNDeployer{}).createSdkClient(
-		access.AccessKey,
-		access.SecretKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	uploader, err := uploaderDoge.New(&uploaderDoge.DogeCloudUploaderConfig{
-		AccessKey: access.AccessKey,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &DogeCloudCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *DogeCloudCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *DogeCloudCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *DogeCloudCDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书到 CDN
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 绑定证书
-	// REF: https://docs.dogecloud.com/cdn/api-cert-bind
-	bindCdnCertId, _ := strconv.ParseInt(upres.CertId, 10, 64)
-	bindCdnCertResp, err := d.sdkClient.BindCdnCertWithDomain(bindCdnCertId, d.option.DeployConfig.GetConfigAsString("domain"))
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BindCdnCert'")
-	}
-
-	d.infos = append(d.infos, toStr("已绑定证书", bindCdnCertResp))
-
-	return nil
-}
-
-func (d *DogeCloudCDNDeployer) createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
-	client := doge.NewClient(accessKey, secretKey)
-	return client, nil
-}
--- a/internal/deployer/factory.go
+++ b/internal/deployer/factory.go
@ -7,36 +7,39 @@ import (

 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	providerAliyunAlb "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-alb"
-	providerAliyunCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
-	providerAliyunClb "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-clb"
-	providerAliyunDcdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-dcdn"
-	providerAliyunNlb "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb"
-	providerAliyunOss "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss"
-	providerBaiduCloudCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn"
-	providerBytePlusCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn"
-	providerDogeCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/dogecloud-cdn"
-	providerHuaweiCloudCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/huaweicloud-cdn"
-	providerHuaweiCloudElb "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/huaweicloud-elb"
+	providerAliyunALB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-alb"
+	providerAliyunCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-cdn"
+	providerAliyunCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-clb"
+	providerAliyunDCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-dcdn"
+	providerAliyunNLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-nlb"
+	providerAliyunOSS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/aliyun-oss"
+	providerBaiduCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/baiducloud-cdn"
+	providerBytePlusCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/byteplus-cdn"
+	providerDogeCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/dogecloud-cdn"
+	providerHuaweiCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/huaweicloud-cdn"
+	providerHuaweiCloudELB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/huaweicloud-elb"
 	providerK8sSecret "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/k8s-secret"
 	providerLocal "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/local"
-	providerQiniuCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-cdn"
+	providerQiniuCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/qiniu-cdn"
 	providerSSH "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/ssh"
-	providerTencentCloudCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cdn"
-	providerTencentCloudClb "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-clb"
-	providerTencentCloudCos "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
-	providerTencentCloudEcdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-ecdn"
-	providerTencentCloudTeo "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-teo"
-	providerVolcEngineCdn "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-cdn"
+	providerTencentCloudCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cdn"
+	providerTencentCloudCLB "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-clb"
+	providerTencentCloudCOD "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-cos"
+	providerTencentCloudECDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-ecdn"
+	providerTencentCloudEO "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-eo"
+	providerVolcEngineCDN "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-cdn"
 	providerVolcEngineLive "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-live"
 	providerWebhook "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/webhook"
 	"github.com/usual2970/certimate/internal/pkg/utils/maps"
 )

-// TODO: 该方法目前未实际使用，将在后续迭代中替换
 func createDeployer(target string, accessConfig string, deployConfig map[string]any) (deployer.Deployer, deployer.Logger, error) {
 	logger := deployer.NewDefaultLogger()

+	/*
+	  注意：如果追加新的常量值，请保持以 ASCII 排序。
+	  NOTICE: If you add new constant, please keep ASCII order.
+	*/
 	switch target {
 	case targetAliyunALB, targetAliyunCDN, targetAliyunCLB, targetAliyunDCDN, targetAliyunNLB, targetAliyunOSS:
 		{
@ -47,18 +50,18 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]

 			switch target {
 			case targetAliyunALB:
-				deployer, err := providerAliyunAlb.NewWithLogger(&providerAliyunAlb.AliyunALBDeployerConfig{
+				deployer, err := providerAliyunALB.NewWithLogger(&providerAliyunALB.AliyunALBDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
-					ResourceType:    providerAliyunAlb.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
+					ResourceType:    providerAliyunALB.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(deployConfig, "loadbalancerId"),
 					ListenerId:      maps.GetValueAsString(deployConfig, "listenerId"),
 				}, logger)
 				return deployer, logger, err

 			case targetAliyunCDN:
-				deployer, err := providerAliyunCdn.NewWithLogger(&providerAliyunCdn.AliyunCDNDeployerConfig{
+				deployer, err := providerAliyunCDN.NewWithLogger(&providerAliyunCDN.AliyunCDNDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Domain:          maps.GetValueAsString(deployConfig, "domain"),
@ -66,18 +69,18 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return deployer, logger, err

 			case targetAliyunCLB:
-				deployer, err := providerAliyunClb.NewWithLogger(&providerAliyunClb.AliyunCLBDeployerConfig{
+				deployer, err := providerAliyunCLB.NewWithLogger(&providerAliyunCLB.AliyunCLBDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
-					ResourceType:    providerAliyunClb.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
+					ResourceType:    providerAliyunCLB.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(deployConfig, "loadbalancerId"),
 					ListenerPort:    maps.GetValueAsInt32(deployConfig, "listenerPort"),
 				}, logger)
 				return deployer, logger, err

 			case targetAliyunDCDN:
-				deployer, err := providerAliyunDcdn.NewWithLogger(&providerAliyunDcdn.AliyunDCDNDeployerConfig{
+				deployer, err := providerAliyunDCDN.NewWithLogger(&providerAliyunDCDN.AliyunDCDNDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Domain:          maps.GetValueAsString(deployConfig, "domain"),
@ -85,18 +88,18 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return deployer, logger, err

 			case targetAliyunNLB:
-				deployer, err := providerAliyunNlb.NewWithLogger(&providerAliyunNlb.AliyunNLBDeployerConfig{
+				deployer, err := providerAliyunNLB.NewWithLogger(&providerAliyunNLB.AliyunNLBDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
-					ResourceType:    providerAliyunNlb.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
+					ResourceType:    providerAliyunNLB.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
 					LoadbalancerId:  maps.GetValueAsString(deployConfig, "loadbalancerId"),
 					ListenerId:      maps.GetValueAsString(deployConfig, "listenerId"),
 				}, logger)
 				return deployer, logger, err

 			case targetAliyunOSS:
-				deployer, err := providerAliyunOss.NewWithLogger(&providerAliyunOss.AliyunOSSDeployerConfig{
+				deployer, err := providerAliyunOSS.NewWithLogger(&providerAliyunOSS.AliyunOSSDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					AccessKeySecret: access.AccessKeySecret,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
@ -117,7 +120,7 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return nil, nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 			}

-			deployer, err := providerBaiduCloudCdn.NewWithLogger(&providerBaiduCloudCdn.BaiduCloudCDNDeployerConfig{
+			deployer, err := providerBaiduCloudCDN.NewWithLogger(&providerBaiduCloudCDN.BaiduCloudCDNDeployerConfig{
 				AccessKeyId:     access.AccessKeyId,
 				SecretAccessKey: access.SecretAccessKey,
 				Domain:          maps.GetValueAsString(deployConfig, "domain"),
@ -132,7 +135,7 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return nil, nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 			}

-			deployer, err := providerBytePlusCdn.NewWithLogger(&providerBytePlusCdn.BytePlusCDNDeployerConfig{
+			deployer, err := providerBytePlusCDN.NewWithLogger(&providerBytePlusCDN.BytePlusCDNDeployerConfig{
 				AccessKey: access.AccessKey,
 				SecretKey: access.SecretKey,
 				Domain:    maps.GetValueAsString(deployConfig, "domain"),
@ -140,14 +143,14 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 			return deployer, logger, err
 		}

-	case targetDogeCloudCdn:
+	case targetDogeCloudCDN:
 		{
 			access := &domain.DogeCloudAccess{}
 			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
 				return nil, nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 			}

-			deployer, err := providerDogeCdn.NewWithLogger(&providerDogeCdn.DogeCloudCDNDeployerConfig{
+			deployer, err := providerDogeCDN.NewWithLogger(&providerDogeCDN.DogeCloudCDNDeployerConfig{
 				AccessKey: access.AccessKey,
 				SecretKey: access.SecretKey,
 				Domain:    maps.GetValueAsString(deployConfig, "domain"),
@ -164,7 +167,7 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]

 			switch target {
 			case targetHuaweiCloudCDN:
-				deployer, err := providerHuaweiCloudCdn.NewWithLogger(&providerHuaweiCloudCdn.HuaweiCloudCDNDeployerConfig{
+				deployer, err := providerHuaweiCloudCDN.NewWithLogger(&providerHuaweiCloudCDN.HuaweiCloudCDNDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
@ -173,11 +176,11 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return deployer, logger, err

 			case targetHuaweiCloudELB:
-				deployer, err := providerHuaweiCloudElb.NewWithLogger(&providerHuaweiCloudElb.HuaweiCloudELBDeployerConfig{
+				deployer, err := providerHuaweiCloudELB.NewWithLogger(&providerHuaweiCloudELB.HuaweiCloudELBDeployerConfig{
 					AccessKeyId:     access.AccessKeyId,
 					SecretAccessKey: access.SecretAccessKey,
 					Region:          maps.GetValueAsString(deployConfig, "region"),
-					ResourceType:    providerHuaweiCloudElb.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
+					ResourceType:    providerHuaweiCloudELB.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
 					CertificateId:   maps.GetValueAsString(deployConfig, "certificateId"),
 					LoadbalancerId:  maps.GetValueAsString(deployConfig, "loadbalancerId"),
 					ListenerId:      maps.GetValueAsString(deployConfig, "listenerId"),
@ -223,14 +226,14 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 			return deployer, logger, err
 		}

-	case targetQiniuCdn:
+	case targetQiniuCDN:
 		{
 			access := &domain.QiniuAccess{}
 			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
 				return nil, nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 			}

-			deployer, err := providerQiniuCdn.NewWithLogger(&providerQiniuCdn.QiniuCDNDeployerConfig{
+			deployer, err := providerQiniuCDN.NewWithLogger(&providerQiniuCDN.QiniuCDNDeployerConfig{
 				AccessKey: access.AccessKey,
 				SecretKey: access.SecretKey,
 				Domain:    maps.GetValueAsString(deployConfig, "domain"),
@ -266,7 +269,7 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 			return deployer, logger, err
 		}

-	case targetTencentCDN, targetTencentCLB, targetTencentCOS, targetTencentECDN, targetTencentTEO:
+	case targetTencentCloudCDN, targetTencentCloudCLB, targetTencentCloudCOS, targetTencentCloudECDN, targetTencentCloudEO:
 		{
 			access := &domain.TencentAccess{}
 			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
@ -274,28 +277,28 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 			}

 			switch target {
-			case targetTencentCDN:
-				deployer, err := providerTencentCloudCdn.NewWithLogger(&providerTencentCloudCdn.TencentCloudCDNDeployerConfig{
+			case targetTencentCloudCDN:
+				deployer, err := providerTencentCloudCDN.NewWithLogger(&providerTencentCloudCDN.TencentCloudCDNDeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 					Domain:    maps.GetValueAsString(deployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err

-			case targetTencentCLB:
-				deployer, err := providerTencentCloudClb.NewWithLogger(&providerTencentCloudClb.TencentCloudCLBDeployerConfig{
+			case targetTencentCloudCLB:
+				deployer, err := providerTencentCloudCLB.NewWithLogger(&providerTencentCloudCLB.TencentCloudCLBDeployerConfig{
 					SecretId:       access.SecretId,
 					SecretKey:      access.SecretKey,
 					Region:         maps.GetValueAsString(deployConfig, "region"),
-					ResourceType:   providerTencentCloudClb.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
+					ResourceType:   providerTencentCloudCLB.DeployResourceType(maps.GetValueAsString(deployConfig, "resourceType")),
 					LoadbalancerId: maps.GetValueAsString(deployConfig, "loadbalancerId"),
 					ListenerId:     maps.GetValueAsString(deployConfig, "listenerId"),
 					Domain:         maps.GetValueAsString(deployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err

-			case targetTencentCOS:
-				deployer, err := providerTencentCloudCos.NewWithLogger(&providerTencentCloudCos.TencentCloudCOSDeployerConfig{
+			case targetTencentCloudCOS:
+				deployer, err := providerTencentCloudCOD.NewWithLogger(&providerTencentCloudCOD.TencentCloudCOSDeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 					Region:    maps.GetValueAsString(deployConfig, "region"),
@ -304,16 +307,16 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				}, logger)
 				return deployer, logger, err

-			case targetTencentECDN:
-				deployer, err := providerTencentCloudEcdn.NewWithLogger(&providerTencentCloudEcdn.TencentCloudECDNDeployerConfig{
+			case targetTencentCloudECDN:
+				deployer, err := providerTencentCloudECDN.NewWithLogger(&providerTencentCloudECDN.TencentCloudECDNDeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 					Domain:    maps.GetValueAsString(deployConfig, "domain"),
 				}, logger)
 				return deployer, logger, err

-			case targetTencentTEO:
-				deployer, err := providerTencentCloudTeo.NewWithLogger(&providerTencentCloudTeo.TencentCloudTEODeployerConfig{
+			case targetTencentCloudEO:
+				deployer, err := providerTencentCloudEO.NewWithLogger(&providerTencentCloudEO.TencentCloudEODeployerConfig{
 					SecretId:  access.SecretId,
 					SecretKey: access.SecretKey,
 					ZoneId:    maps.GetValueAsString(deployConfig, "zoneId"),
@ -335,7 +338,7 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]

 			switch target {
 			case targetVolcEngineCDN:
-				deployer, err := providerVolcEngineCdn.NewWithLogger(&providerVolcEngineCdn.VolcEngineCDNDeployerConfig{
+				deployer, err := providerVolcEngineCDN.NewWithLogger(&providerVolcEngineCDN.VolcEngineCDNDeployerConfig{
 					AccessKey: access.AccessKey,
 					SecretKey: access.SecretKey,
 					Domain:    maps.GetValueAsString(deployConfig, "domain"),
@ -362,9 +365,23 @@ func createDeployer(target string, accessConfig string, deployConfig map[string]
 				return nil, nil, fmt.Errorf("failed to unmarshal access config: %w", err)
 			}

+			variables := make(map[string]string)
+			if deployConfig != nil {
+				value, ok := deployConfig["variables"]
+				if ok {
+					kvs := make([]domain.KV, 0)
+					bts, _ := json.Marshal(value)
+					if err := json.Unmarshal(bts, &kvs); err == nil {
+						for _, kv := range kvs {
+							variables[kv.Key] = kv.Value
+						}
+					}
+				}
+			}
+
 			deployer, err := providerWebhook.NewWithLogger(&providerWebhook.WebhookDeployerConfig{
 				Url:       access.Url,
-				Variables: nil, // TODO: 尚未实现
+				Variables: variables,
 			}, logger)
 			return deployer, logger, err
 		}
--- a/internal/deployer/huaweicloud_cdn.go
+++ b/internal/deployer/huaweicloud_cdn.go
@ -1,143 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-
-	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
-	hcCdn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2"
-	hcCdnModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/model"
-	hcCdnRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cdn/v2/region"
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderHcScm "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-scm"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-	hcCdnEx "github.com/usual2970/certimate/internal/pkg/vendors/huaweicloud-cdn-sdk"
-)
-
-type HuaweiCloudCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *hcCdnEx.Client
-	sslUploader uploader.Uploader
-}
-
-func NewHuaweiCloudCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.HuaweiCloudAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&HuaweiCloudCDNDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.SecretAccessKey,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	uploader, err := uploaderHcScm.New(&uploaderHcScm.HuaweiCloudSCMUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		SecretAccessKey: access.SecretAccessKey,
-		Region:          "",
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &HuaweiCloudCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *HuaweiCloudCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *HuaweiCloudCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *HuaweiCloudCDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书到 SCM
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 查询加速域名配置
-	// REF: https://support.huaweicloud.com/api-cdn/ShowDomainFullConfig.html
-	showDomainFullConfigReq := &hcCdnModel.ShowDomainFullConfigRequest{
-		DomainName: d.option.DeployConfig.GetConfigAsString("domain"),
-	}
-	showDomainFullConfigResp, err := d.sdkClient.ShowDomainFullConfig(showDomainFullConfigReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ShowDomainFullConfig'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到加速域名配置", showDomainFullConfigResp))
-
-	// 更新加速域名配置
-	// REF: https://support.huaweicloud.com/api-cdn/UpdateDomainMultiCertificates.html
-	// REF: https://support.huaweicloud.com/usermanual-cdn/cdn_01_0306.html
-	updateDomainMultiCertificatesReqBodyContent := &hcCdnEx.UpdateDomainMultiCertificatesExRequestBodyContent{}
-	updateDomainMultiCertificatesReqBodyContent.DomainName = d.option.DeployConfig.GetConfigAsString("domain")
-	updateDomainMultiCertificatesReqBodyContent.HttpsSwitch = 1
-	updateDomainMultiCertificatesReqBodyContent.CertificateType = cast.Int32Ptr(2)
-	updateDomainMultiCertificatesReqBodyContent.SCMCertificateId = cast.StringPtr(upres.CertId)
-	updateDomainMultiCertificatesReqBodyContent.CertName = cast.StringPtr(upres.CertName)
-	updateDomainMultiCertificatesReqBodyContent = updateDomainMultiCertificatesReqBodyContent.MergeConfig(showDomainFullConfigResp.Configs)
-	updateDomainMultiCertificatesReq := &hcCdnEx.UpdateDomainMultiCertificatesExRequest{
-		Body: &hcCdnEx.UpdateDomainMultiCertificatesExRequestBody{
-			Https: updateDomainMultiCertificatesReqBodyContent,
-		},
-	}
-	updateDomainMultiCertificatesResp, err := d.sdkClient.UploadDomainMultiCertificatesEx(updateDomainMultiCertificatesReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadDomainMultiCertificatesEx'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新加速域名配置", updateDomainMultiCertificatesResp))
-
-	return nil
-}
-
-func (d *HuaweiCloudCDNDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcCdnEx.Client, error) {
-	if region == "" {
-		region = "cn-north-1" // CDN 服务默认区域：华北一北京
-	}
-
-	auth, err := global.NewCredentialsBuilder().
-		WithAk(accessKeyId).
-		WithSk(secretAccessKey).
-		SafeBuild()
-	if err != nil {
-		return nil, err
-	}
-
-	hcRegion, err := hcCdnRegion.SafeValueOf(region)
-	if err != nil {
-		return nil, err
-	}
-
-	hcClient, err := hcCdn.CdnClientBuilder().
-		WithRegion(hcRegion).
-		WithCredential(auth).
-		SafeBuild()
-	if err != nil {
-		return nil, err
-	}
-
-	client := hcCdnEx.NewClient(hcClient)
-	return client, nil
-}
--- a/internal/deployer/huaweicloud_elb.go
+++ b/internal/deployer/huaweicloud_elb.go
@ -1,378 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
-	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
-	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
-	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
-	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
-	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
-	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
-	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
-	xerrors "github.com/pkg/errors"
-	"golang.org/x/exp/slices"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderHcElb "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/huaweicloud-elb"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-)
-
-type HuaweiCloudELBDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *hcElb.ElbClient
-	sslUploader uploader.Uploader
-}
-
-func NewHuaweiCloudELBDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.HuaweiCloudAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&HuaweiCloudELBDeployer{}).createSdkClient(
-		access.AccessKeyId,
-		access.SecretAccessKey,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	uploader, err := uploaderHcElb.New(&uploaderHcElb.HuaweiCloudELBUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		SecretAccessKey: access.SecretAccessKey,
-		Region:          option.DeployConfig.GetConfigAsString("region"),
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &HuaweiCloudELBDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *HuaweiCloudELBDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *HuaweiCloudELBDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *HuaweiCloudELBDeployer) Deploy(ctx context.Context) error {
-	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
-	case "certificate":
-		// 部署到指定证书
-		if err := d.deployToCertificate(ctx); err != nil {
-			return err
-		}
-	case "loadbalancer":
-		// 部署到指定负载均衡器
-		if err := d.deployToLoadbalancer(ctx); err != nil {
-			return err
-		}
-	case "listener":
-		// 部署到指定监听器
-		if err := d.deployToListener(ctx); err != nil {
-			return err
-		}
-	default:
-		return errors.New("unsupported resource type")
-	}
-
-	return nil
-}
-
-func (d *HuaweiCloudELBDeployer) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
-	if region == "" {
-		region = "cn-north-4" // ELB 服务默认区域：华北四北京
-	}
-
-	projectId, err := (&HuaweiCloudELBDeployer{}).getSdkProjectId(
-		accessKeyId,
-		secretAccessKey,
-		region,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	auth, err := basic.NewCredentialsBuilder().
-		WithAk(accessKeyId).
-		WithSk(secretAccessKey).
-		WithProjectId(projectId).
-		SafeBuild()
-	if err != nil {
-		return nil, err
-	}
-
-	hcRegion, err := hcElbRegion.SafeValueOf(region)
-	if err != nil {
-		return nil, err
-	}
-
-	hcClient, err := hcElb.ElbClientBuilder().
-		WithRegion(hcRegion).
-		WithCredential(auth).
-		SafeBuild()
-	if err != nil {
-		return nil, err
-	}
-
-	client := hcElb.NewElbClient(hcClient)
-	return client, nil
-}
-
-func (u *HuaweiCloudELBDeployer) getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
-	if region == "" {
-		region = "cn-north-4" // IAM 服务默认区域：华北四北京
-	}
-
-	auth, err := global.NewCredentialsBuilder().
-		WithAk(accessKeyId).
-		WithSk(secretAccessKey).
-		SafeBuild()
-	if err != nil {
-		return "", err
-	}
-
-	hcRegion, err := hcIamRegion.SafeValueOf(region)
-	if err != nil {
-		return "", err
-	}
-
-	hcClient, err := hcIam.IamClientBuilder().
-		WithRegion(hcRegion).
-		WithCredential(auth).
-		SafeBuild()
-	if err != nil {
-		return "", err
-	}
-
-	client := hcIam.NewIamClient(hcClient)
-
-	request := &hcIamModel.KeystoneListProjectsRequest{
-		Name: &region,
-	}
-	response, err := client.KeystoneListProjects(request)
-	if err != nil {
-		return "", err
-	} else if response.Projects == nil || len(*response.Projects) == 0 {
-		return "", errors.New("no project found")
-	}
-
-	return (*response.Projects)[0].Id, nil
-}
-
-func (d *HuaweiCloudELBDeployer) deployToCertificate(ctx context.Context) error {
-	hcCertId := d.option.DeployConfig.GetConfigAsString("certificateId")
-	if hcCertId == "" {
-		return errors.New("`certificateId` is required")
-	}
-
-	// 更新证书
-	// REF: https://support.huaweicloud.com/api-elb/UpdateCertificate.html
-	updateCertificateReq := &hcElbModel.UpdateCertificateRequest{
-		CertificateId: hcCertId,
-		Body: &hcElbModel.UpdateCertificateRequestBody{
-			Certificate: &hcElbModel.UpdateCertificateOption{
-				Certificate: cast.StringPtr(d.option.Certificate.Certificate),
-				PrivateKey:  cast.StringPtr(d.option.Certificate.PrivateKey),
-			},
-		},
-	}
-	updateCertificateResp, err := d.sdkClient.UpdateCertificate(updateCertificateReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateCertificate'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新 ELB 证书", updateCertificateResp))
-
-	return nil
-}
-
-func (d *HuaweiCloudELBDeployer) deployToLoadbalancer(ctx context.Context) error {
-	hcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	if hcLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	hcListenerIds := make([]string, 0)
-
-	// 查询负载均衡器详情
-	// REF: https://support.huaweicloud.com/api-elb/ShowLoadBalancer.html
-	showLoadBalancerReq := &hcElbModel.ShowLoadBalancerRequest{
-		LoadbalancerId: hcLoadbalancerId,
-	}
-	showLoadBalancerResp, err := d.sdkClient.ShowLoadBalancer(showLoadBalancerReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowLoadBalancer'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器", showLoadBalancerResp))
-
-	// 查询监听器列表
-	// REF: https://support.huaweicloud.com/api-elb/ListListeners.html
-	listListenersLimit := int32(2000)
-	var listListenersMarker *string = nil
-	for {
-		listListenersReq := &hcElbModel.ListListenersRequest{
-			Limit:          cast.Int32Ptr(listListenersLimit),
-			Marker:         listListenersMarker,
-			Protocol:       &[]string{"HTTPS", "TERMINATED_HTTPS"},
-			LoadbalancerId: &[]string{showLoadBalancerResp.Loadbalancer.Id},
-		}
-		listListenersResp, err := d.sdkClient.ListListeners(listListenersReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListListeners'")
-		}
-
-		if listListenersResp.Listeners != nil {
-			for _, listener := range *listListenersResp.Listeners {
-				hcListenerIds = append(hcListenerIds, listener.Id)
-			}
-		}
-
-		if listListenersResp.Listeners == nil || len(*listListenersResp.Listeners) < int(listListenersLimit) {
-			break
-		} else {
-			listListenersMarker = listListenersResp.PageInfo.NextMarker
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ELB 负载均衡器下的监听器", hcListenerIds))
-
-	// 上传证书到 SCM
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 批量更新监听器证书
-	var errs []error
-	for _, hcListenerId := range hcListenerIds {
-		if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
-	}
-
-	return nil
-}
-
-func (d *HuaweiCloudELBDeployer) deployToListener(ctx context.Context) error {
-	hcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	if hcListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-
-	// 上传证书到 SCM
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 更新监听器证书
-	if err := d.modifyListenerCertificate(ctx, hcListenerId, upres.CertId); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *HuaweiCloudELBDeployer) modifyListenerCertificate(ctx context.Context, hcListenerId string, hcCertId string) error {
-	// 查询监听器详情
-	// REF: https://support.huaweicloud.com/api-elb/ShowListener.html
-	showListenerReq := &hcElbModel.ShowListenerRequest{
-		ListenerId: hcListenerId,
-	}
-	showListenerResp, err := d.sdkClient.ShowListener(showListenerReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowListener'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到 ELB 监听器", showListenerResp))
-
-	// 更新监听器
-	// REF: https://support.huaweicloud.com/api-elb/UpdateListener.html
-	updateListenerReq := &hcElbModel.UpdateListenerRequest{
-		ListenerId: hcListenerId,
-		Body: &hcElbModel.UpdateListenerRequestBody{
-			Listener: &hcElbModel.UpdateListenerOption{
-				DefaultTlsContainerRef: cast.StringPtr(hcCertId),
-			},
-		},
-	}
-	if showListenerResp.Listener.SniContainerRefs != nil {
-		if len(showListenerResp.Listener.SniContainerRefs) > 0 {
-			// 如果开启 SNI，需替换同 SAN 的证书
-			sniCertIds := make([]string, 0)
-			sniCertIds = append(sniCertIds, hcCertId)
-
-			listOldCertificateReq := &hcElbModel.ListCertificatesRequest{
-				Id: &showListenerResp.Listener.SniContainerRefs,
-			}
-			listOldCertificateResp, err := d.sdkClient.ListCertificates(listOldCertificateReq)
-			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
-			}
-
-			showNewCertificateReq := &hcElbModel.ShowCertificateRequest{
-				CertificateId: hcCertId,
-			}
-			showNewCertificateResp, err := d.sdkClient.ShowCertificate(showNewCertificateReq)
-			if err != nil {
-				return xerrors.Wrap(err, "failed to execute sdk request 'elb.ShowCertificate'")
-			}
-
-			for _, certificate := range *listOldCertificateResp.Certificates {
-				oldCertificate := certificate
-				newCertificate := showNewCertificateResp.Certificate
-
-				if oldCertificate.SubjectAlternativeNames != nil && newCertificate.SubjectAlternativeNames != nil {
-					if slices.Equal(*oldCertificate.SubjectAlternativeNames, *newCertificate.SubjectAlternativeNames) {
-						continue
-					}
-				} else {
-					if oldCertificate.Domain == newCertificate.Domain {
-						continue
-					}
-				}
-
-				sniCertIds = append(sniCertIds, certificate.Id)
-			}
-
-			updateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds
-		}
-
-		if showListenerResp.Listener.SniMatchAlgo != "" {
-			updateListenerReq.Body.Listener.SniMatchAlgo = cast.StringPtr(showListenerResp.Listener.SniMatchAlgo)
-		}
-	}
-	updateListenerResp, err := d.sdkClient.UpdateListener(updateListenerReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'elb.UpdateListener'")
-	}
-
-	d.infos = append(d.infos, toStr("已更新 ELB 监听器", updateListenerResp))
-
-	return nil
-}
--- a/internal/deployer/k8s_secret.go
+++ b/internal/deployer/k8s_secret.go
@ -1,136 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	k8sCore "k8s.io/api/core/v1"
-	k8sMeta "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
-	"k8s.io/client-go/tools/clientcmd"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
-)
-
-type K8sSecretDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	k8sClient *kubernetes.Clientset
-}
-
-func NewK8sSecretDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.KubernetesAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&K8sSecretDeployer{}).createK8sClient(access)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create k8s client")
-	}
-
-	return &K8sSecretDeployer{
-		option:    option,
-		infos:     make([]string, 0),
-		k8sClient: client,
-	}, nil
-}
-
-func (d *K8sSecretDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *K8sSecretDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *K8sSecretDeployer) Deploy(ctx context.Context) error {
-	namespace := d.option.DeployConfig.GetConfigAsString("namespace")
-	secretName := d.option.DeployConfig.GetConfigAsString("secretName")
-	secretDataKeyForCrt := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForCrt", "tls.crt")
-	secretDataKeyForKey := d.option.DeployConfig.GetConfigOrDefaultAsString("secretDataKeyForKey", "tls.key")
-	if namespace == "" {
-		namespace = "default"
-	}
-	if secretName == "" {
-		return errors.New("`secretName` is required")
-	}
-
-	certX509, err := x509.ParseCertificateFromPEM(d.option.Certificate.Certificate)
-	if err != nil {
-		return err
-	}
-
-	secretPayload := k8sCore.Secret{
-		TypeMeta: k8sMeta.TypeMeta{
-			Kind:       "Secret",
-			APIVersion: "v1",
-		},
-		ObjectMeta: k8sMeta.ObjectMeta{
-			Name: secretName,
-			Annotations: map[string]string{
-				"certimate/domains":             d.option.Domain,
-				"certimate/alt-names":           strings.Join(certX509.DNSNames, ","),
-				"certimate/common-name":         certX509.Subject.CommonName,
-				"certimate/issuer-organization": strings.Join(certX509.Issuer.Organization, ","),
-			},
-		},
-		Type: k8sCore.SecretType("kubernetes.io/tls"),
-	}
-	secretPayload.Data = make(map[string][]byte)
-	secretPayload.Data[secretDataKeyForCrt] = []byte(d.option.Certificate.Certificate)
-	secretPayload.Data[secretDataKeyForKey] = []byte(d.option.Certificate.PrivateKey)
-
-	// 获取 Secret 实例
-	_, err = d.k8sClient.CoreV1().Secrets(namespace).Get(context.TODO(), secretName, k8sMeta.GetOptions{})
-	if err != nil {
-		_, err = d.k8sClient.CoreV1().Secrets(namespace).Create(context.TODO(), &secretPayload, k8sMeta.CreateOptions{})
-		if err != nil {
-			return xerrors.Wrap(err, "failed to create k8s secret")
-		} else {
-			d.infos = append(d.infos, toStr("Certificate has been created in K8s Secret", nil))
-			return nil
-		}
-	}
-
-	// 更新 Secret 实例
-	_, err = d.k8sClient.CoreV1().Secrets(namespace).Update(context.TODO(), &secretPayload, k8sMeta.UpdateOptions{})
-	if err != nil {
-		return xerrors.Wrap(err, "failed to update k8s secret")
-	}
-
-	d.infos = append(d.infos, toStr("Certificate has been updated to K8s Secret", nil))
-
-	return nil
-}
-
-func (d *K8sSecretDeployer) createK8sClient(access *domain.KubernetesAccess) (*kubernetes.Clientset, error) {
-	var config *rest.Config
-	var err error
-	if access.KubeConfig == "" {
-		config, err = rest.InClusterConfig()
-	} else {
-		kubeConfig, err := clientcmd.NewClientConfigFromBytes([]byte(access.KubeConfig))
-		if err != nil {
-			return nil, err
-		}
-		config, err = kubeConfig.ClientConfig()
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	client, err := kubernetes.NewForConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/local.go
+++ b/internal/deployer/local.go
@ -1,163 +0,0 @@
-package deployer
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"os/exec"
-	"runtime"
-
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/pkg/utils/fs"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
-)
-
-type LocalDeployer struct {
-	option *DeployerOption
-	infos  []string
-}
-
-const (
-	certFormatPEM = "pem"
-	certFormatPFX = "pfx"
-	certFormatJKS = "jks"
-)
-
-const (
-	shellEnvSh         = "sh"
-	shellEnvCmd        = "cmd"
-	shellEnvPowershell = "powershell"
-)
-
-func NewLocalDeployer(option *DeployerOption) (Deployer, error) {
-	return &LocalDeployer{
-		option: option,
-		infos:  make([]string, 0),
-	}, nil
-}
-
-func (d *LocalDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *LocalDeployer) GetInfos() []string {
-	return []string{}
-}
-
-func (d *LocalDeployer) Deploy(ctx context.Context) error {
-	// 执行前置命令
-	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
-	if preCommand != "" {
-		stdout, stderr, err := d.execCommand(preCommand)
-		if err != nil {
-			return xerrors.Wrapf(err, "failed to run pre-command, stdout: %s, stderr: %s", stdout, stderr)
-		}
-
-		d.infos = append(d.infos, toStr("执行前置命令成功", stdout))
-	}
-
-	// 写入证书和私钥文件
-	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
-	case certFormatPEM:
-		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("保存证书成功", nil))
-
-		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("保存私钥成功", nil))
-
-	case certFormatPFX:
-		pfxData, err := x509.TransformCertificateFromPEMToPFX(
-			d.option.Certificate.Certificate,
-			d.option.Certificate.PrivateKey,
-			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
-		)
-		if err != nil {
-			return err
-		}
-
-		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("保存证书成功", nil))
-
-	case certFormatJKS:
-		jksData, err := x509.TransformCertificateFromPEMToJKS(
-			d.option.Certificate.Certificate,
-			d.option.Certificate.PrivateKey,
-			d.option.DeployConfig.GetConfigAsString("jksAlias"),
-			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
-			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
-		)
-		if err != nil {
-			return err
-		}
-
-		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("保存证书成功", nil))
-
-	default:
-		return errors.New("unsupported format")
-	}
-
-	// 执行命令
-	command := d.option.DeployConfig.GetConfigAsString("command")
-	if command != "" {
-		stdout, stderr, err := d.execCommand(command)
-		if err != nil {
-			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
-		}
-
-		d.infos = append(d.infos, toStr("执行命令成功", stdout))
-	}
-
-	return nil
-}
-
-func (d *LocalDeployer) execCommand(command string) (string, string, error) {
-	var cmd *exec.Cmd
-
-	switch d.option.DeployConfig.GetConfigAsString("shell") {
-	case shellEnvSh:
-		cmd = exec.Command("sh", "-c", command)
-
-	case shellEnvCmd:
-		cmd = exec.Command("cmd", "/C", command)
-
-	case shellEnvPowershell:
-		cmd = exec.Command("powershell", "-Command", command)
-
-	case "":
-		if runtime.GOOS == "windows" {
-			cmd = exec.Command("cmd", "/C", command)
-		} else {
-			cmd = exec.Command("sh", "-c", command)
-		}
-
-	default:
-		return "", "", errors.New("unsupported shell")
-	}
-
-	var stdoutBuf bytes.Buffer
-	cmd.Stdout = &stdoutBuf
-	var stderrBuf bytes.Buffer
-	cmd.Stderr = &stderrBuf
-
-	err := cmd.Run()
-	if err != nil {
-		return "", "", xerrors.Wrap(err, "failed to execute shell script")
-	}
-
-	return stdoutBuf.String(), stderrBuf.String(), nil
-}
--- a/internal/deployer/qiniu_cdn.go
+++ b/internal/deployer/qiniu_cdn.go
@ -1,113 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/qiniu/go-sdk/v7/auth"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderQiniu "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/qiniu-sslcert"
-	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
-)
-
-type QiniuCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *qiniuEx.Client
-	sslUploader uploader.Uploader
-}
-
-func NewQiniuCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.QiniuAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&QiniuCDNDeployer{}).createSdkClient(
-		access.AccessKey,
-		access.SecretKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk client")
-	}
-
-	uploader, err := uploaderQiniu.New(&uploaderQiniu.QiniuSSLCertUploaderConfig{
-		AccessKey: access.AccessKey,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &QiniuCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *QiniuCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *QiniuCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *QiniuCDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 在七牛 CDN 中泛域名表示为 .example.com，需去除前缀星号
-	domain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(domain, "*") {
-		domain = strings.TrimPrefix(domain, "*")
-	}
-
-	// 获取域名信息
-	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
-	getDomainInfoResp, err := d.sdkClient.GetDomainInfo(domain)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'cdn.GetDomainInfo'")
-	}
-
-	d.infos = append(d.infos, toStr("已获取域名信息", getDomainInfoResp))
-
-	// 判断域名是否已启用 HTTPS。如果已启用，修改域名证书；否则，启用 HTTPS
-	// REF: https://developer.qiniu.com/fusion/4246/the-domain-name
-	if getDomainInfoResp.Https != nil && getDomainInfoResp.Https.CertID != "" {
-		modifyDomainHttpsConfResp, err := d.sdkClient.ModifyDomainHttpsConf(domain, upres.CertId, getDomainInfoResp.Https.ForceHttps, getDomainInfoResp.Https.Http2Enable)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.ModifyDomainHttpsConf'")
-		}
-
-		d.infos = append(d.infos, toStr("已修改域名证书", modifyDomainHttpsConfResp))
-	} else {
-		enableDomainHttpsResp, err := d.sdkClient.EnableDomainHttps(domain, upres.CertId, true, true)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.EnableDomainHttps'")
-		}
-
-		d.infos = append(d.infos, toStr("已将域名升级为 HTTPS", enableDomainHttpsResp))
-	}
-
-	return nil
-}
-
-func (u *QiniuCDNDeployer) createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
-	credential := auth.New(accessKey, secretKey)
-	client := qiniuEx.NewClient(credential)
-	return client, nil
-}
--- a/internal/deployer/ssh.go
+++ b/internal/deployer/ssh.go
@ -1,209 +0,0 @@
-package deployer
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/pkg/sftp"
-	"golang.org/x/crypto/ssh"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/utils/x509"
-)
-
-type SSHDeployer struct {
-	option *DeployerOption
-	infos  []string
-}
-
-func NewSSHDeployer(option *DeployerOption) (Deployer, error) {
-	return &SSHDeployer{
-		option: option,
-		infos:  make([]string, 0),
-	}, nil
-}
-
-func (d *SSHDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *SSHDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *SSHDeployer) Deploy(ctx context.Context) error {
-	access := &domain.SSHAccess{}
-	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
-		return err
-	}
-
-	// 连接
-	client, err := d.createSshClient(access)
-	if err != nil {
-		return err
-	}
-	defer client.Close()
-
-	d.infos = append(d.infos, toStr("SSH 连接成功", nil))
-
-	// 执行前置命令
-	preCommand := d.option.DeployConfig.GetConfigAsString("preCommand")
-	if preCommand != "" {
-		stdout, stderr, err := d.sshExecCommand(client, preCommand)
-		if err != nil {
-			return xerrors.Wrapf(err, "failed to run pre-command: stdout: %s, stderr: %s", stdout, stderr)
-		}
-
-		d.infos = append(d.infos, toStr("SSH 执行前置命令成功", stdout))
-	}
-
-	// 上传证书和私钥文件
-	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
-	case certFormatPEM:
-		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
-
-		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("keyPath"), d.option.Certificate.PrivateKey); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("SSH 上传私钥成功", nil))
-
-	case certFormatPFX:
-		pfxData, err := x509.TransformCertificateFromPEMToPFX(
-			d.option.Certificate.Certificate,
-			d.option.Certificate.PrivateKey,
-			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
-		)
-		if err != nil {
-			return err
-		}
-
-		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), pfxData); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
-
-	case certFormatJKS:
-		jksData, err := x509.TransformCertificateFromPEMToJKS(
-			d.option.Certificate.Certificate,
-			d.option.Certificate.PrivateKey,
-			d.option.DeployConfig.GetConfigAsString("jksAlias"),
-			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
-			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
-		)
-		if err != nil {
-			return err
-		}
-
-		if err := d.writeSftpFile(client, d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
-			return err
-		}
-
-		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
-
-	default:
-		return errors.New("unsupported format")
-	}
-
-	// 执行命令
-	command := d.option.DeployConfig.GetConfigAsString("command")
-	if command != "" {
-		stdout, stderr, err := d.sshExecCommand(client, command)
-		if err != nil {
-			return xerrors.Wrapf(err, "failed to run command, stdout: %s, stderr: %s", stdout, stderr)
-		}
-
-		d.infos = append(d.infos, toStr("SSH 执行命令成功", stdout))
-	}
-
-	return nil
-}
-
-func (d *SSHDeployer) createSshClient(access *domain.SSHAccess) (*ssh.Client, error) {
-	var authMethod ssh.AuthMethod
-
-	if access.Key != "" {
-		var signer ssh.Signer
-		var err error
-
-		if access.KeyPassphrase != "" {
-			signer, err = ssh.ParsePrivateKeyWithPassphrase([]byte(access.Key), []byte(access.KeyPassphrase))
-		} else {
-			signer, err = ssh.ParsePrivateKey([]byte(access.Key))
-		}
-
-		if err != nil {
-			return nil, err
-		}
-		authMethod = ssh.PublicKeys(signer)
-	} else {
-		authMethod = ssh.Password(access.Password)
-	}
-
-	return ssh.Dial("tcp", fmt.Sprintf("%s:%s", access.Host, access.Port), &ssh.ClientConfig{
-		User: access.Username,
-		Auth: []ssh.AuthMethod{
-			authMethod,
-		},
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-	})
-}
-
-func (d *SSHDeployer) sshExecCommand(sshCli *ssh.Client, command string) (string, string, error) {
-	session, err := sshCli.NewSession()
-	if err != nil {
-		return "", "", xerrors.Wrap(err, "failed to create ssh session")
-	}
-
-	defer session.Close()
-	var stdoutBuf bytes.Buffer
-	session.Stdout = &stdoutBuf
-	var stderrBuf bytes.Buffer
-	session.Stderr = &stderrBuf
-	err = session.Run(command)
-	if err != nil {
-		return "", "", xerrors.Wrap(err, "failed to execute ssh script")
-	}
-
-	return stdoutBuf.String(), stderrBuf.String(), nil
-}
-
-func (d *SSHDeployer) writeSftpFileString(sshCli *ssh.Client, path string, content string) error {
-	return d.writeSftpFile(sshCli, path, []byte(content))
-}
-
-func (d *SSHDeployer) writeSftpFile(sshCli *ssh.Client, path string, data []byte) error {
-	sftpCli, err := sftp.NewClient(sshCli)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to create sftp client")
-	}
-	defer sftpCli.Close()
-
-	if err := sftpCli.MkdirAll(filepath.Dir(path)); err != nil {
-		return xerrors.Wrap(err, "failed to create remote directory")
-	}
-
-	file, err := sftpCli.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to open remote file")
-	}
-	defer file.Close()
-
-	_, err = file.Write(data)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to write to remote file")
-	}
-
-	return nil
-}
--- a/internal/deployer/ssh_test.go
+++ b/internal/deployer/ssh_test.go
@ -1,12 +0,0 @@
-package deployer
-
-import (
-	"os"
-	"path"
-	"testing"
-)
-
-func TestPath(t *testing.T) {
-	dir := path.Dir("./a/b/c")
-	os.MkdirAll(dir, 0o755)
-}
--- a/internal/deployer/tencent_cdn.go
+++ b/internal/deployer/tencent_cdn.go
@ -1,194 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-	"golang.org/x/exp/slices"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
-)
-
-type TencentCDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClients  *tencentCDNDeployerSdkClients
-	sslUploader uploader.Uploader
-}
-
-type tencentCDNDeployerSdkClients struct {
-	ssl *tcSsl.Client
-	cdn *tcCdn.Client
-}
-
-func NewTencentCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.TencentAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	clients, err := (&TencentCDNDeployer{}).createSdkClients(
-		access.SecretId,
-		access.SecretKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
-	}
-
-	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
-		SecretId:  access.SecretId,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &TencentCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClients:  clients,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *TencentCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *TencentCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *TencentCDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 获取待部署的 CDN 实例
-	// 如果是泛域名，根据证书匹配 CDN 实例
-	tcInstanceIds := make([]string, 0)
-	domain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(domain, "*") {
-		domains, err := d.getDomainsByCertificateId(upres.CertId)
-		if err != nil {
-			return err
-		}
-
-		tcInstanceIds = domains
-	} else {
-		tcInstanceIds = append(tcInstanceIds, domain)
-	}
-
-	// 跳过已部署的 CDN 实例
-	if len(tcInstanceIds) > 0 {
-		deployedDomains, err := d.getDeployedDomainsByCertificateId(upres.CertId)
-		if err != nil {
-			return err
-		}
-
-		temp := make([]string, 0)
-		for _, tcInstanceId := range tcInstanceIds {
-			if !slices.Contains(deployedDomains, tcInstanceId) {
-				temp = append(temp, tcInstanceId)
-			}
-		}
-		tcInstanceIds = temp
-	}
-	if len(tcInstanceIds) == 0 {
-		d.infos = append(d.infos, "已部署过或没有要部署的 CDN 实例")
-		return nil
-	}
-
-	// 证书部署到 CDN 实例
-	// REF: https://cloud.tencent.com/document/product/400/91667
-	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
-	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
-	deployCertificateInstanceReq.ResourceType = common.StringPtr("cdn")
-	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
-	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(tcInstanceIds)
-	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
-	}
-
-	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
-
-	return nil
-}
-
-func (d *TencentCDNDeployer) createSdkClients(secretId, secretKey string) (*tencentCDNDeployerSdkClients, error) {
-	credential := common.NewCredential(secretId, secretKey)
-
-	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return &tencentCDNDeployerSdkClients{
-		ssl: sslClient,
-		cdn: cdnClient,
-	}, nil
-}
-
-func (d *TencentCDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
-	// 获取证书中的可用域名
-	// REF: https://cloud.tencent.com/document/product/228/42491
-	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
-	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
-	describeCertDomainsReq.Product = common.StringPtr("cdn")
-	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
-	}
-
-	domains := make([]string, 0)
-	if describeCertDomainsResp.Response.Domains == nil {
-		for _, domain := range describeCertDomainsResp.Response.Domains {
-			domains = append(domains, *domain)
-		}
-	}
-
-	return domains, nil
-}
-
-func (d *TencentCDNDeployer) getDeployedDomainsByCertificateId(tcCertId string) ([]string, error) {
-	// 根据证书查询关联 CDN 域名
-	// REF: https://cloud.tencent.com/document/product/400/62674
-	describeDeployedResourcesReq := tcSsl.NewDescribeDeployedResourcesRequest()
-	describeDeployedResourcesReq.CertificateIds = common.StringPtrs([]string{tcCertId})
-	describeDeployedResourcesReq.ResourceType = common.StringPtr("cdn")
-	describeDeployedResourcesResp, err := d.sdkClients.ssl.DescribeDeployedResources(describeDeployedResourcesReq)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeDeployedResources'")
-	}
-
-	domains := make([]string, 0)
-	if describeDeployedResourcesResp.Response.DeployedResources != nil {
-		for _, deployedResource := range describeDeployedResourcesResp.Response.DeployedResources {
-			for _, resource := range deployedResource.Resources {
-				domains = append(domains, *resource)
-			}
-		}
-	}
-
-	return domains, nil
-}
--- a/internal/deployer/tencent_clb.go
+++ b/internal/deployer/tencent_clb.go
@ -1,328 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	xerrors "github.com/pkg/errors"
-	tcClb "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/clb/v20180317"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
-)
-
-type TencentCLBDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClients  *tencentCLBDeployerSdkClients
-	sslUploader uploader.Uploader
-}
-
-type tencentCLBDeployerSdkClients struct {
-	ssl *tcSsl.Client
-	clb *tcClb.Client
-}
-
-func NewTencentCLBDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.TencentAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	clients, err := (&TencentCLBDeployer{}).createSdkClients(
-		access.SecretId,
-		access.SecretKey,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
-	}
-
-	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
-		SecretId:  access.SecretId,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &TencentCLBDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClients:  clients,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *TencentCLBDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *TencentCLBDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *TencentCLBDeployer) Deploy(ctx context.Context) error {
-	switch d.option.DeployConfig.GetConfigAsString("resourceType") {
-	case "ssl-deploy":
-		// 通过 SSL 服务部署到云资源实例
-		err := d.deployToInstanceUseSsl(ctx)
-		if err != nil {
-			return err
-		}
-	case "loadbalancer":
-		// 部署到指定负载均衡器
-		if err := d.deployToLoadbalancer(ctx); err != nil {
-			return err
-		}
-	case "listener":
-		// 部署到指定监听器
-		if err := d.deployToListener(ctx); err != nil {
-			return err
-		}
-	case "ruledomain":
-		// 部署到指定七层监听转发规则域名
-		if err := d.deployToRuleDomain(ctx); err != nil {
-			return err
-		}
-	default:
-		return errors.New("unsupported resource type")
-	}
-
-	return nil
-}
-
-func (d *TencentCLBDeployer) createSdkClients(secretId, secretKey, region string) (*tencentCLBDeployerSdkClients, error) {
-	credential := common.NewCredential(secretId, secretKey)
-
-	sslClient, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	clbClient, err := tcClb.NewClient(credential, region, profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return &tencentCLBDeployerSdkClients{
-		ssl: sslClient,
-		clb: clbClient,
-	}, nil
-}
-
-func (d *TencentCLBDeployer) deployToInstanceUseSsl(ctx context.Context) error {
-	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if tcLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-	if tcListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 证书部署到 CLB 实例
-	// REF: https://cloud.tencent.com/document/product/400/91667
-	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
-	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
-	deployCertificateInstanceReq.ResourceType = common.StringPtr("clb")
-	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
-	if tcDomain == "" {
-		// 未开启 SNI，只需指定到监听器
-		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s", tcLoadbalancerId, tcListenerId)})
-	} else {
-		// 开启 SNI，需指定到域名（支持泛域名）
-		deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s|%s|%s", tcLoadbalancerId, tcListenerId, tcDomain)})
-	}
-	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
-	}
-
-	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
-
-	return nil
-}
-
-func (d *TencentCLBDeployer) deployToLoadbalancer(ctx context.Context) error {
-	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	tcListenerIds := make([]string, 0)
-	if tcLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-
-	// 查询负载均衡器详细信息
-	// REF: https://cloud.tencent.com/document/api/214/46916
-	describeLoadBalancersDetailReq := tcClb.NewDescribeLoadBalancersDetailRequest()
-	describeLoadBalancersDetailResp, err := d.sdkClients.clb.DescribeLoadBalancersDetail(describeLoadBalancersDetailReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeLoadBalancersDetail'")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到负载均衡详细信息", describeLoadBalancersDetailResp))
-
-	// 查询监听器列表
-	// REF: https://cloud.tencent.com/document/api/214/30686
-	describeListenersReq := tcClb.NewDescribeListenersRequest()
-	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
-	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
-	} else {
-		if describeListenersResp.Response.Listeners != nil {
-			for _, listener := range describeListenersResp.Response.Listeners {
-				if listener.Protocol == nil || (*listener.Protocol != "HTTPS" && *listener.Protocol != "TCP_SSL" && *listener.Protocol != "QUIC") {
-					continue
-				}
-
-				tcListenerIds = append(tcListenerIds, *listener.ListenerId)
-			}
-		}
-	}
-
-	d.infos = append(d.infos, toStr("已查询到负载均衡器下的监听器", tcListenerIds))
-
-	// 上传证书到 SCM
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 批量更新监听器证书
-	var errs []error
-	for _, tcListenerId := range tcListenerIds {
-		if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
-			errs = append(errs, err)
-		}
-	}
-	if len(errs) > 0 {
-		return errors.Join(errs...)
-	}
-
-	return nil
-}
-
-func (d *TencentCLBDeployer) deployToListener(ctx context.Context) error {
-	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	if tcLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-	if tcListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 更新监听器证书
-	if err := d.modifyListenerCertificate(ctx, tcLoadbalancerId, tcListenerId, upres.CertId); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (d *TencentCLBDeployer) deployToRuleDomain(ctx context.Context) error {
-	tcLoadbalancerId := d.option.DeployConfig.GetConfigAsString("loadbalancerId")
-	tcListenerId := d.option.DeployConfig.GetConfigAsString("listenerId")
-	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if tcLoadbalancerId == "" {
-		return errors.New("`loadbalancerId` is required")
-	}
-	if tcListenerId == "" {
-		return errors.New("`listenerId` is required")
-	}
-	if tcDomain == "" {
-		return errors.New("`domain` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 修改负载均衡七层监听器转发规则的域名级别属性
-	// REF: https://cloud.tencent.com/document/api/214/38092
-	modifyDomainAttributesReq := tcClb.NewModifyDomainAttributesRequest()
-	modifyDomainAttributesReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
-	modifyDomainAttributesReq.ListenerId = common.StringPtr(tcListenerId)
-	modifyDomainAttributesReq.Domain = common.StringPtr(tcDomain)
-	modifyDomainAttributesReq.Certificate = &tcClb.CertificateInput{
-		SSLMode: common.StringPtr("UNIDIRECTIONAL"),
-		CertId:  common.StringPtr(upres.CertId),
-	}
-	modifyDomainAttributesResp, err := d.sdkClients.clb.ModifyDomainAttributes(modifyDomainAttributesReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyDomainAttributes'")
-	}
-
-	d.infos = append(d.infos, toStr("已修改七层监听器转发规则的域名级别属性", modifyDomainAttributesResp.Response))
-
-	return nil
-}
-
-func (d *TencentCLBDeployer) modifyListenerCertificate(ctx context.Context, tcLoadbalancerId, tcListenerId, tcCertId string) error {
-	// 查询监听器列表
-	// REF: https://cloud.tencent.com/document/api/214/30686
-	describeListenersReq := tcClb.NewDescribeListenersRequest()
-	describeListenersReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
-	describeListenersReq.ListenerIds = common.StringPtrs([]string{tcListenerId})
-	describeListenersResp, err := d.sdkClients.clb.DescribeListeners(describeListenersReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'clb.DescribeListeners'")
-	}
-	if len(describeListenersResp.Response.Listeners) == 0 {
-		d.infos = append(d.infos, toStr("未找到监听器", nil))
-		return errors.New("listener not found")
-	}
-
-	d.infos = append(d.infos, toStr("已查询到监听器属性", describeListenersResp.Response))
-
-	// 修改监听器属性
-	// REF: https://cloud.tencent.com/document/product/214/30681
-	modifyListenerReq := tcClb.NewModifyListenerRequest()
-	modifyListenerReq.LoadBalancerId = common.StringPtr(tcLoadbalancerId)
-	modifyListenerReq.ListenerId = common.StringPtr(tcListenerId)
-	modifyListenerReq.Certificate = &tcClb.CertificateInput{CertId: common.StringPtr(tcCertId)}
-	if describeListenersResp.Response.Listeners[0].Certificate != nil && describeListenersResp.Response.Listeners[0].Certificate.SSLMode != nil {
-		modifyListenerReq.Certificate.SSLMode = describeListenersResp.Response.Listeners[0].Certificate.SSLMode
-		modifyListenerReq.Certificate.CertCaId = describeListenersResp.Response.Listeners[0].Certificate.CertCaId
-	} else {
-		modifyListenerReq.Certificate.SSLMode = common.StringPtr("UNIDIRECTIONAL")
-	}
-	modifyListenerResp, err := d.sdkClients.clb.ModifyListener(modifyListenerReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'clb.ModifyListener'")
-	}
-
-	d.infos = append(d.infos, toStr("已修改监听器属性", modifyListenerResp.Response))
-
-	return nil
-}
--- a/internal/deployer/tencent_cos.go
+++ b/internal/deployer/tencent_cos.go
@ -1,107 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
-)
-
-type TencentCOSDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClient   *tcSsl.Client
-	sslUploader uploader.Uploader
-}
-
-func NewTencentCOSDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.TencentAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	client, err := (&TencentCOSDeployer{}).createSdkClient(
-		access.SecretId,
-		access.SecretKey,
-		option.DeployConfig.GetConfigAsString("region"),
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
-	}
-
-	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
-		SecretId:  access.SecretId,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &TencentCOSDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *TencentCOSDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *TencentCOSDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *TencentCOSDeployer) Deploy(ctx context.Context) error {
-	tcRegion := d.option.DeployConfig.GetConfigAsString("region")
-	tcBucket := d.option.DeployConfig.GetConfigAsString("bucket")
-	tcDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if tcBucket == "" {
-		return errors.New("`bucket` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 证书部署到 COS 实例
-	// REF: https://cloud.tencent.com/document/product/400/91667
-	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
-	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
-	deployCertificateInstanceReq.ResourceType = common.StringPtr("cos")
-	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
-	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs([]string{fmt.Sprintf("%s#%s#%s", tcRegion, tcBucket, tcDomain)})
-	deployCertificateInstanceResp, err := d.sdkClient.DeployCertificateInstance(deployCertificateInstanceReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
-	}
-
-	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
-
-	return nil
-}
-
-func (d *TencentCOSDeployer) createSdkClient(secretId, secretKey, region string) (*tcSsl.Client, error) {
-	credential := common.NewCredential(secretId, secretKey)
-	client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return client, nil
-}
--- a/internal/deployer/tencent_ecdn.go
+++ b/internal/deployer/tencent_ecdn.go
@ -1,154 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	tcCdn "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn/v20180606"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
-)
-
-type TencentECDNDeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClients  *tencentECDNDeployerSdkClients
-	sslUploader uploader.Uploader
-}
-
-type tencentECDNDeployerSdkClients struct {
-	ssl *tcSsl.Client
-	cdn *tcCdn.Client
-}
-
-func NewTencentECDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.TencentAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	clients, err := (&TencentECDNDeployer{}).createSdkClients(
-		access.SecretId,
-		access.SecretKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
-	}
-
-	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
-		SecretId:  access.SecretId,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &TencentECDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClients:  clients,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *TencentECDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *TencentECDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *TencentECDNDeployer) Deploy(ctx context.Context) error {
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 获取待部署的 ECDN 实例
-	// 如果是泛域名，根据证书匹配 ECDN 实例
-	aliInstanceIds := make([]string, 0)
-	domain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(domain, "*") {
-		domains, err := d.getDomainsByCertificateId(upres.CertId)
-		if err != nil {
-			return err
-		}
-
-		aliInstanceIds = domains
-	} else {
-		aliInstanceIds = append(aliInstanceIds, domain)
-	}
-	if len(aliInstanceIds) == 0 {
-		d.infos = append(d.infos, "没有要部署的 ECDN 实例")
-		return nil
-	}
-
-	// 证书部署到 ECDN 实例
-	// REF: https://cloud.tencent.com/document/product/400/91667
-	deployCertificateInstanceReq := tcSsl.NewDeployCertificateInstanceRequest()
-	deployCertificateInstanceReq.CertificateId = common.StringPtr(upres.CertId)
-	deployCertificateInstanceReq.ResourceType = common.StringPtr("ecdn")
-	deployCertificateInstanceReq.Status = common.Int64Ptr(1)
-	deployCertificateInstanceReq.InstanceIdList = common.StringPtrs(aliInstanceIds)
-	deployCertificateInstanceResp, err := d.sdkClients.ssl.DeployCertificateInstance(deployCertificateInstanceReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'ssl.DeployCertificateInstance'")
-	}
-
-	d.infos = append(d.infos, toStr("已部署证书到云资源实例", deployCertificateInstanceResp.Response))
-
-	return nil
-}
-
-func (d *TencentECDNDeployer) createSdkClients(secretId, secretKey string) (*tencentECDNDeployerSdkClients, error) {
-	credential := common.NewCredential(secretId, secretKey)
-
-	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	cdnClient, err := tcCdn.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return &tencentECDNDeployerSdkClients{
-		ssl: sslClient,
-		cdn: cdnClient,
-	}, nil
-}
-
-func (d *TencentECDNDeployer) getDomainsByCertificateId(tcCertId string) ([]string, error) {
-	// 获取证书中的可用域名
-	// REF: https://cloud.tencent.com/document/product/228/42491
-	describeCertDomainsReq := tcCdn.NewDescribeCertDomainsRequest()
-	describeCertDomainsReq.CertId = common.StringPtr(tcCertId)
-	describeCertDomainsReq.Product = common.StringPtr("ecdn")
-	describeCertDomainsResp, err := d.sdkClients.cdn.DescribeCertDomains(describeCertDomainsReq)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertDomains'")
-	}
-
-	domains := make([]string, 0)
-	if describeCertDomainsResp.Response.Domains == nil {
-		for _, domain := range describeCertDomainsResp.Response.Domains {
-			domains = append(domains, *domain)
-		}
-	}
-
-	return domains, nil
-}
--- a/internal/deployer/tencent_teo.go
+++ b/internal/deployer/tencent_teo.go
@ -1,119 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
-	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
-	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
-	tcTeo "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo/v20220901"
-
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	uploaderTcSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
-)
-
-type TencentTEODeployer struct {
-	option *DeployerOption
-	infos  []string
-
-	sdkClients  *tencentTEODeployerSdkClients
-	sslUploader uploader.Uploader
-}
-
-type tencentTEODeployerSdkClients struct {
-	ssl *tcSsl.Client
-	teo *tcTeo.Client
-}
-
-func NewTencentTEODeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.TencentAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-
-	clients, err := (&TencentTEODeployer{}).createSdkClients(
-		access.SecretId,
-		access.SecretKey,
-	)
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create sdk clients")
-	}
-
-	uploader, err := uploaderTcSsl.New(&uploaderTcSsl.TencentCloudSSLUploaderConfig{
-		SecretId:  access.SecretId,
-		SecretKey: access.SecretKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-
-	return &TencentTEODeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClients:  clients,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *TencentTEODeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *TencentTEODeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *TencentTEODeployer) Deploy(ctx context.Context) error {
-	tcZoneId := d.option.DeployConfig.GetConfigAsString("zoneId")
-	if tcZoneId == "" {
-		return xerrors.New("`zoneId` is required")
-	}
-
-	// 上传证书到 SSL
-	upres, err := d.sslUploader.Upload(ctx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	// 配置域名证书
-	// REF: https://cloud.tencent.com/document/product/1552/80764
-	modifyHostsCertificateReq := tcTeo.NewModifyHostsCertificateRequest()
-	modifyHostsCertificateReq.ZoneId = common.StringPtr(tcZoneId)
-	modifyHostsCertificateReq.Mode = common.StringPtr("sslcert")
-	modifyHostsCertificateReq.Hosts = common.StringPtrs(strings.Split(strings.ReplaceAll(d.option.Domain, "\r\n", "\n"), "\n"))
-	modifyHostsCertificateReq.ServerCertInfo = []*tcTeo.ServerCertInfo{{CertId: common.StringPtr(upres.CertId)}}
-	modifyHostsCertificateResp, err := d.sdkClients.teo.ModifyHostsCertificate(modifyHostsCertificateReq)
-	if err != nil {
-		return xerrors.Wrap(err, "failed to execute sdk request 'teo.ModifyHostsCertificate'")
-	}
-
-	d.infos = append(d.infos, toStr("已配置域名证书", modifyHostsCertificateResp.Response))
-
-	return nil
-}
-
-func (d *TencentTEODeployer) createSdkClients(secretId, secretKey string) (*tencentTEODeployerSdkClients, error) {
-	credential := common.NewCredential(secretId, secretKey)
-
-	sslClient, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	teoClient, err := tcTeo.NewClient(credential, "", profile.NewClientProfile())
-	if err != nil {
-		return nil, err
-	}
-
-	return &tencentTEODeployerSdkClients{
-		ssl: sslClient,
-		teo: teoClient,
-	}, nil
-}
--- a/internal/deployer/volcengine_cdn.go
+++ b/internal/deployer/volcengine_cdn.go
@ -1,116 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	volcenginecdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-cdn"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	"github.com/volcengine/volc-sdk-golang/service/cdn"
-)
-
-type VolcengineCDNDeployer struct {
-	option      *DeployerOption
-	infos       []string
-	sdkClient   *cdn.CDN
-	sslUploader uploader.Uploader
-}
-
-func NewVolcengineCDNDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.VolcEngineAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-	client := cdn.NewInstance()
-	client.Client.SetAccessKey(access.AccessKeyId)
-	client.Client.SetSecretKey(access.SecretAccessKey)
-	uploader, err := volcenginecdn.New(&volcenginecdn.VolcEngineCDNUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		AccessKeySecret: access.SecretAccessKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-	return &VolcengineCDNDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *VolcengineCDNDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *VolcengineCDNDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *VolcengineCDNDeployer) Deploy(ctx context.Context) error {
-	apiCtx := context.Background()
-	// 上传证书
-	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	domains := make([]string, 0)
-	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(configDomain, "*.") {
-		// 获取证书可以部署的域名
-		// REF: https://www.volcengine.com/docs/6454/125711
-		describeCertConfigReq := &cdn.DescribeCertConfigRequest{
-			CertId: upres.CertId,
-		}
-		describeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertConfig'")
-		}
-		for i := range describeCertConfigResp.Result.CertNotConfig {
-			// 当前未启用 HTTPS 的加速域名列表。
-			domains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain)
-		}
-		for i := range describeCertConfigResp.Result.OtherCertConfig {
-			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联的证书不是您指定的证书。
-			domains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain)
-		}
-		for i := range describeCertConfigResp.Result.SpecifiedCertConfig {
-			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联了您指定的证书。
-			d.infos = append(d.infos, fmt.Sprintf("%s域名已配置该证书", describeCertConfigResp.Result.SpecifiedCertConfig[i].Domain))
-		}
-		if len(domains) == 0 {
-			if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 {
-				// 所有匹配的域名都配置了该证书，跳过部署
-				return nil
-			} else {
-				return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
-			}
-		}
-	} else {
-		domains = append(domains, configDomain)
-	}
-	// 部署证书
-	// REF: https://www.volcengine.com/docs/6454/125712
-	for i := range domains {
-		batchDeployCertReq := &cdn.BatchDeployCertRequest{
-			CertId: upres.CertId,
-			Domain: domains[i],
-		}
-		batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BatchDeployCert'")
-		} else {
-			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), batchDeployCertResp))
-		}
-	}
-
-	return nil
-}
--- a/internal/deployer/volcengine_live.go
+++ b/internal/deployer/volcengine_live.go
@ -1,148 +0,0 @@
-package deployer
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"regexp"
-	"strings"
-
-	xerrors "github.com/pkg/errors"
-	"github.com/usual2970/certimate/internal/domain"
-	"github.com/usual2970/certimate/internal/pkg/core/uploader"
-	volcenginelive "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/volcengine-live"
-	"github.com/usual2970/certimate/internal/pkg/utils/cast"
-	"github.com/volcengine/volc-sdk-golang/base"
-	live "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
-)
-
-type VolcengineLiveDeployer struct {
-	option      *DeployerOption
-	infos       []string
-	sdkClient   *live.Live
-	sslUploader uploader.Uploader
-}
-
-func NewVolcengineLiveDeployer(option *DeployerOption) (Deployer, error) {
-	access := &domain.VolcEngineAccess{}
-	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
-		return nil, xerrors.Wrap(err, "failed to get access")
-	}
-	client := live.NewInstance()
-	client.SetCredential(base.Credentials{
-		AccessKeyID:     access.AccessKeyId,
-		SecretAccessKey: access.SecretAccessKey,
-	})
-	uploader, err := volcenginelive.New(&volcenginelive.VolcEngineLiveUploaderConfig{
-		AccessKeyId:     access.AccessKeyId,
-		AccessKeySecret: access.SecretAccessKey,
-	})
-	if err != nil {
-		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
-	}
-	return &VolcengineLiveDeployer{
-		option:      option,
-		infos:       make([]string, 0),
-		sdkClient:   client,
-		sslUploader: uploader,
-	}, nil
-}
-
-func (d *VolcengineLiveDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *VolcengineLiveDeployer) GetInfos() []string {
-	return d.infos
-}
-
-func (d *VolcengineLiveDeployer) Deploy(ctx context.Context) error {
-	apiCtx := context.Background()
-	// 上传证书
-	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
-	if err != nil {
-		return err
-	}
-
-	d.infos = append(d.infos, toStr("已上传证书", upres))
-
-	domains := make([]string, 0)
-	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
-	if strings.HasPrefix(configDomain, "*.") {
-		// 如果是泛域名，获取所有的域名并匹配
-		matchDomains, err := d.getDomainsByWildcardDomain(apiCtx, configDomain)
-		if err != nil {
-			d.infos = append(d.infos, toStr("获取域名列表失败", upres))
-			return xerrors.Wrap(err, "failed to execute sdk request 'live.ListDomainDetail'")
-		}
-		if len(matchDomains) == 0 {
-			return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
-		}
-		domains = matchDomains
-	} else {
-		domains = append(domains, configDomain)
-	}
-
-	// 部署证书
-	// REF: https://www.volcengine.com/docs/6469/1186278#%E7%BB%91%E5%AE%9A%E8%AF%81%E4%B9%A6d
-	for i := range domains {
-		bindCertReq := &live.BindCertBody{
-			ChainID: upres.CertId,
-			Domain:  domains[i],
-			HTTPS:   cast.BoolPtr(true),
-		}
-		bindCertResp, err := d.sdkClient.BindCert(apiCtx, bindCertReq)
-		if err != nil {
-			return xerrors.Wrap(err, "failed to execute sdk request 'live.BindCert'")
-		} else {
-			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), bindCertResp))
-		}
-	}
-
-	return nil
-}
-
-func (d *VolcengineLiveDeployer) getDomainsByWildcardDomain(ctx context.Context, wildcardDomain string) ([]string, error) {
-	pageNum := int32(1)
-	searchTotal := 0
-	domains := make([]string, 0)
-	for {
-		listDomainDetailReq := &live.ListDomainDetailBody{
-			PageNum:  pageNum,
-			PageSize: 1000,
-		}
-		// 查询域名列表
-		// REF: https://www.volcengine.com/docs/6469/1186277#%E6%9F%A5%E8%AF%A2%E5%9F%9F%E5%90%8D%E5%88%97%E8%A1%A8
-		listDomainDetailResp, err := d.sdkClient.ListDomainDetail(ctx, listDomainDetailReq)
-		if err != nil {
-			return domains, err
-		}
-		if listDomainDetailResp.Result.DomainList != nil {
-			for _, item := range listDomainDetailResp.Result.DomainList {
-				if matchWildcardDomain(item.Domain, wildcardDomain) {
-					domains = append(domains, item.Domain)
-				}
-			}
-		}
-		searchTotal += len(listDomainDetailResp.Result.DomainList)
-		if int(listDomainDetailResp.Result.Total) > searchTotal {
-			pageNum++
-		} else {
-			break
-		}
-	}
-
-	return domains, nil
-}
-
-func matchWildcardDomain(domain, wildcardDomain string) bool {
-	if strings.HasPrefix(wildcardDomain, "*.") {
-		if "*."+domain == wildcardDomain {
-			return true
-		}
-		regexPattern := "^([a-zA-Z0-9_-]+)\\." + regexp.QuoteMeta(wildcardDomain[2:]) + "$"
-		regex := regexp.MustCompile(regexPattern)
-		return regex.MatchString(domain)
-	}
-	return domain == wildcardDomain
-}
--- a/internal/deployer/webhook.go
+++ b/internal/deployer/webhook.go
@ -1,66 +0,0 @@
-package deployer
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	xerrors "github.com/pkg/errors"
-
-	"github.com/usual2970/certimate/internal/domain"
-	xhttp "github.com/usual2970/certimate/internal/utils/http"
-)
-
-type WebhookDeployer struct {
-	option *DeployerOption
-	infos  []string
-}
-
-func NewWebhookDeployer(option *DeployerOption) (Deployer, error) {
-	return &WebhookDeployer{
-		option: option,
-		infos:  make([]string, 0),
-	}, nil
-}
-
-func (d *WebhookDeployer) GetID() string {
-	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
-}
-
-func (d *WebhookDeployer) GetInfos() []string {
-	return d.infos
-}
-
-type webhookData struct {
-	Domain      string            `json:"domain"`
-	Certificate string            `json:"certificate"`
-	PrivateKey  string            `json:"privateKey"`
-	Variables   map[string]string `json:"variables"`
-}
-
-func (d *WebhookDeployer) Deploy(ctx context.Context) error {
-	access := &domain.WebhookAccess{}
-	if err := json.Unmarshal([]byte(d.option.Access), access); err != nil {
-		return xerrors.Wrap(err, "failed to get access")
-	}
-
-	data := &webhookData{
-		Domain:      d.option.Domain,
-		Certificate: d.option.Certificate.Certificate,
-		PrivateKey:  d.option.Certificate.PrivateKey,
-		Variables:   d.option.DeployConfig.GetConfigAsVariables(),
-	}
-	body, _ := json.Marshal(data)
-	resp, err := xhttp.Req(access.Url, http.MethodPost, bytes.NewReader(body), map[string]string{
-		"Content-Type": "application/json",
-	})
-	if err != nil {
-		return xerrors.Wrap(err, "failed to send webhook request")
-	}
-
-	d.infos = append(d.infos, toStr("Webhook Response", string(resp)))
-
-	return nil
-}
--- a/internal/domain/domains.go
+++ b/internal/domain/domains.go
@ -23,7 +23,7 @@ type DeployConfig struct {
 	Config map[string]any `json:"config"`
 }

-// 以字符串形式获取配置项。
+// Deprecated: 以字符串形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -34,7 +34,7 @@ func (dc *DeployConfig) GetConfigAsString(key string) string {
 	return maps.GetValueAsString(dc.Config, key)
 }

-// 以字符串形式获取配置项。
+// Deprecated: 以字符串形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -46,7 +46,7 @@ func (dc *DeployConfig) GetConfigOrDefaultAsString(key string, defaultValue stri
 	return maps.GetValueOrDefaultAsString(dc.Config, key, defaultValue)
 }

-// 以 32 位整数形式获取配置项。
+// Deprecated: 以 32 位整数形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -57,7 +57,7 @@ func (dc *DeployConfig) GetConfigAsInt32(key string) int32 {
 	return maps.GetValueAsInt32(dc.Config, key)
 }

-// 以 32 位整数形式获取配置项。
+// Deprecated: 以 32 位整数形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -69,7 +69,7 @@ func (dc *DeployConfig) GetConfigOrDefaultAsInt32(key string, defaultValue int32
 	return maps.GetValueOrDefaultAsInt32(dc.Config, key, defaultValue)
 }

-// 以布尔形式获取配置项。
+// Deprecated: 以布尔形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -80,7 +80,7 @@ func (dc *DeployConfig) GetConfigAsBool(key string) bool {
 	return maps.GetValueAsBool(dc.Config, key)
 }

-// 以布尔形式获取配置项。
+// Deprecated: 以布尔形式获取配置项。
 //
 // 入参：
 //   - key: 配置项的键。
@ -92,7 +92,7 @@ func (dc *DeployConfig) GetConfigOrDefaultAsBool(key string, defaultValue bool)
 	return maps.GetValueOrDefaultAsBool(dc.Config, key, defaultValue)
 }

-// 以变量字典形式获取配置项。
+// Deprecated: 以变量字典形式获取配置项。
 //
 // 出参：
 //   - 变量字典。
@ -119,7 +119,7 @@ func (dc *DeployConfig) GetConfigAsVariables() map[string]string {
 	return rs
 }

-// GetDomain returns the domain from the deploy config
+// Deprecated: GetDomain returns the domain from the deploy config,
 // if the domain is a wildcard domain, and wildcard is true, return the wildcard domain
 func (dc *DeployConfig) GetDomain(wildcard ...bool) string {
 	val := dc.GetConfigAsString("domain")
--- a/internal/domain/notify.go
+++ b/internal/domain/notify.go
@ -1,13 +1,20 @@
 package domain

+/*
+消息通知渠道常量值。
+
+	注意：如果追加新的常量值，请保持以 ASCII 排序。
+	NOTICE: If you add new constant, please keep ASCII order.
+*/
 const (
-	NotifyChannelEmail      = "email"
-	NotifyChannelWebhook    = "webhook"
-	NotifyChannelDingtalk   = "dingtalk"
-	NotifyChannelLark       = "lark"
-	NotifyChannelTelegram   = "telegram"
-	NotifyChannelServerChan = "serverchan"
 	NotifyChannelBark       = "bark"
+	NotifyChannelDingtalk   = "dingtalk"
+	NotifyChannelEmail      = "email"
+	NotifyChannelLark       = "lark"
+	NotifyChannelServerChan = "serverchan"
+	NotifyChannelTelegram   = "telegram"
+	NotifyChannelWebhook    = "webhook"
+	NotifyChannelWeCom      = "wecom"
 )

 type NotifyTestPushReq struct {
--- a/internal/notify/factory.go
+++ b/internal/notify/factory.go
@ -12,11 +12,28 @@ import (
 	providerServerChan "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/serverchan"
 	providerTelegram "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/telegram"
 	providerWebhook "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/webhook"
+	providerWeCom "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecom"
 	"github.com/usual2970/certimate/internal/pkg/utils/maps"
 )

 func createNotifier(channel string, channelConfig map[string]any) (notifier.Notifier, error) {
+	/*
+	  注意：如果追加新的常量值，请保持以 ASCII 排序。
+	  NOTICE: If you add new constant, please keep ASCII order.
+	*/
 	switch channel {
+	case domain.NotifyChannelBark:
+		return providerBark.New(&providerBark.BarkNotifierConfig{
+			DeviceKey: maps.GetValueAsString(channelConfig, "deviceKey"),
+			ServerUrl: maps.GetValueAsString(channelConfig, "serverUrl"),
+		})
+
+	case domain.NotifyChannelDingtalk:
+		return providerDingTalk.New(&providerDingTalk.DingTalkNotifierConfig{
+			AccessToken: maps.GetValueAsString(channelConfig, "accessToken"),
+			Secret:      maps.GetValueAsString(channelConfig, "secret"),
+		})
+
 	case domain.NotifyChannelEmail:
 		return providerEmail.New(&providerEmail.EmailNotifierConfig{
 			SmtpHost:        maps.GetValueAsString(channelConfig, "smtpHost"),
@ -28,37 +45,30 @@ func createNotifier(channel string, channelConfig map[string]any) (notifier.Noti
 			ReceiverAddress: maps.GetValueAsString(channelConfig, "receiverAddress"),
 		})

-	case domain.NotifyChannelWebhook:
-		return providerWebhook.New(&providerWebhook.WebhookNotifierConfig{
-			Url: maps.GetValueAsString(channelConfig, "url"),
-		})
-
-	case domain.NotifyChannelDingtalk:
-		return providerDingTalk.New(&providerDingTalk.DingTalkNotifierConfig{
-			AccessToken: maps.GetValueAsString(channelConfig, "accessToken"),
-			Secret:      maps.GetValueAsString(channelConfig, "secret"),
-		})
-
 	case domain.NotifyChannelLark:
 		return providerLark.New(&providerLark.LarkNotifierConfig{
 			WebhookUrl: maps.GetValueAsString(channelConfig, "webhookUrl"),
 		})

+	case domain.NotifyChannelServerChan:
+		return providerServerChan.New(&providerServerChan.ServerChanNotifierConfig{
+			Url: maps.GetValueAsString(channelConfig, "url"),
+		})
+
 	case domain.NotifyChannelTelegram:
 		return providerTelegram.New(&providerTelegram.TelegramNotifierConfig{
 			ApiToken: maps.GetValueAsString(channelConfig, "apiToken"),
 			ChatId:   maps.GetValueAsInt64(channelConfig, "chatId"),
 		})

-	case domain.NotifyChannelServerChan:
-		return providerServerChan.New(&providerServerChan.ServerChanNotifierConfig{
+	case domain.NotifyChannelWebhook:
+		return providerWebhook.New(&providerWebhook.WebhookNotifierConfig{
 			Url: maps.GetValueAsString(channelConfig, "url"),
 		})

-	case domain.NotifyChannelBark:
-		return providerBark.New(&providerBark.BarkNotifierConfig{
-			DeviceKey: maps.GetValueAsString(channelConfig, "deviceKey"),
-			ServerUrl: maps.GetValueAsString(channelConfig, "serverUrl"),
+	case domain.NotifyChannelWeCom:
+		return providerWeCom.New(&providerWeCom.WeComNotifierConfig{
+			WebhookUrl: maps.GetValueAsString(channelConfig, "webhookUrl"),
 		})
 	}

--- a/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-cdn/huaweicloud_cdn.go
@ -22,7 +22,7 @@ type HuaweiCloudCDNDeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
-	// 华为云地域。
+	// 华为云区域。
 	Region string `json:"region"`
 	// 加速域名（不支持泛域名）。
 	Domain string `json:"domain"`
--- a/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/deployer/providers/huaweicloud-elb/huaweicloud_elb.go
@ -27,7 +27,7 @@ type HuaweiCloudELBDeployerConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
-	// 华为云地域。
+	// 华为云区域。
 	Region string `json:"region"`
 	// 部署资源类型。
 	ResourceType DeployResourceType `json:"resourceType"`
--- a/internal/pkg/core/deployer/providers/tencentcloud-teo/tencentcloud_teo.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-teo/tencentcloud_teo.go
@ -15,7 +15,7 @@ import (
 	providerSsl "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/tencentcloud-ssl"
 )

-type TencentCloudTEODeployerConfig struct {
+type TencentCloudEODeployerConfig struct {
 	// 腾讯云 SecretId。
 	SecretId string `json:"secretId"`
 	// 腾讯云 SecretKey。
@ -26,25 +26,25 @@ type TencentCloudTEODeployerConfig struct {
 	Domain string `json:"domain"`
 }

-type TencentCloudTEODeployer struct {
-	config      *TencentCloudTEODeployerConfig
+type TencentCloudEODeployer struct {
+	config      *TencentCloudEODeployerConfig
 	logger      deployer.Logger
 	sdkClients  *wSdkClients
 	sslUploader uploader.Uploader
 }

-var _ deployer.Deployer = (*TencentCloudTEODeployer)(nil)
+var _ deployer.Deployer = (*TencentCloudEODeployer)(nil)

 type wSdkClients struct {
 	ssl *tcSsl.Client
 	teo *tcTeo.Client
 }

-func New(config *TencentCloudTEODeployerConfig) (*TencentCloudTEODeployer, error) {
+func New(config *TencentCloudEODeployerConfig) (*TencentCloudEODeployer, error) {
 	return NewWithLogger(config, deployer.NewNilLogger())
 }

-func NewWithLogger(config *TencentCloudTEODeployerConfig, logger deployer.Logger) (*TencentCloudTEODeployer, error) {
+func NewWithLogger(config *TencentCloudEODeployerConfig, logger deployer.Logger) (*TencentCloudEODeployer, error) {
 	if config == nil {
 		return nil, errors.New("config is nil")
 	}
@ -66,7 +66,7 @@ func NewWithLogger(config *TencentCloudTEODeployerConfig, logger deployer.Logger
 		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
 	}

-	return &TencentCloudTEODeployer{
+	return &TencentCloudEODeployer{
 		logger:      logger,
 		config:      config,
 		sdkClients:  clients,
@ -74,7 +74,7 @@ func NewWithLogger(config *TencentCloudTEODeployerConfig, logger deployer.Logger
 	}, nil
 }

-func (d *TencentCloudTEODeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
+func (d *TencentCloudEODeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) {
 	if d.config.ZoneId == "" {
 		return nil, xerrors.New("config `zoneId` is required")
 	}
--- a/internal/pkg/core/deployer/providers/tencentcloud-teo/tencentcloud_teo_test.go
+++ b/internal/pkg/core/deployer/providers/tencentcloud-teo/tencentcloud_teo_test.go
@ -8,7 +8,7 @@ import (
 	"strings"
 	"testing"

-	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-teo"
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/tencentcloud-eo"
 )

 var (
@ -21,7 +21,7 @@ var (
 )

 func init() {
-	argsPrefix := "CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_"
+	argsPrefix := "CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_"

 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
@ -35,12 +35,12 @@ func init() {
 Shell command to run this test:

 	go test -v tencentcloud_cdn_test.go -args \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_INPUTCERTPATH="/path/to/your-input-cert.pem" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_SECRETID="your-secret-id" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_SECRETKEY="your-secret-key" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_ZONEID="your-zone-id" \
-	--CERTIMATE_DEPLOYER_TENCENTCLOUDETEO_DOMAIN="example.com"
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_SECRETID="your-secret-id" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_SECRETKEY="your-secret-key" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_ZONEID="your-zone-id" \
+	--CERTIMATE_DEPLOYER_TENCENTCLOUDEEO_DOMAIN="example.com"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()
@ -56,7 +56,7 @@ func TestDeploy(t *testing.T) {
 			fmt.Sprintf("DOMAIN: %v", fDomain),
 		}, "\n"))

-		deployer, err := provider.New(&provider.TencentCloudTEODeployerConfig{
+		deployer, err := provider.New(&provider.TencentCloudEODeployerConfig{
 			SecretId:  fSecretId,
 			SecretKey: fSecretKey,
 			ZoneId:    fZoneId,
--- a/internal/pkg/core/notifier/providers/lark/lark.go
+++ b/internal/pkg/core/notifier/providers/lark/lark.go
@ -10,7 +10,7 @@ import (
 )

 type LarkNotifierConfig struct {
-	// 飞书 Webhook 地址。
+	// 飞书机器人 Webhook 地址。
 	WebhookUrl string `json:"webhookUrl"`
 }

--- a/internal/pkg/core/notifier/providers/wecom/wecom.go
+++ b/internal/pkg/core/notifier/providers/wecom/wecom.go
@ -0,0 +1,58 @@
+package serverchan
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	notifyHttp "github.com/nikoksr/notify/service/http"
+
+	"github.com/usual2970/certimate/internal/pkg/core/notifier"
+)
+
+type WeComNotifierConfig struct {
+	// 企业微信机器人 Webhook 地址。
+	WebhookUrl string `json:"webhookUrl"`
+}
+
+type WeComNotifier struct {
+	config *WeComNotifierConfig
+}
+
+var _ notifier.Notifier = (*WeComNotifier)(nil)
+
+func New(config *WeComNotifierConfig) (*WeComNotifier, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	return &WeComNotifier{
+		config: config,
+	}, nil
+}
+
+func (n *WeComNotifier) Notify(ctx context.Context, subject string, message string) (res *notifier.NotifyResult, err error) {
+	srv := notifyHttp.New()
+
+	srv.AddReceivers(&notifyHttp.Webhook{
+		URL:         n.config.WebhookUrl,
+		Header:      http.Header{},
+		ContentType: "application/json",
+		Method:      http.MethodPost,
+		BuildPayload: func(subject, message string) (payload any) {
+			return map[string]any{
+				"msgtype": "text",
+				"text": map[string]string{
+					"content": subject + "\n\n" + message,
+				},
+			}
+		},
+	})
+
+	err = srv.Send(ctx, subject, message)
+	if err != nil {
+		return nil, err
+	}
+
+	return &notifier.NotifyResult{}, nil
+}
--- a/internal/pkg/core/notifier/providers/wecom/wecom_test.go
+++ b/internal/pkg/core/notifier/providers/wecom/wecom_test.go
@ -0,0 +1,57 @@
+package serverchan_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/notifier/providers/wecom"
+)
+
+const (
+	mockSubject = "test_subject"
+	mockMessage = "test_message"
+)
+
+var fWebhookUrl string
+
+func init() {
+	argsPrefix := "CERTIMATE_NOTIFIER_WECOM_"
+
+	flag.StringVar(&fWebhookUrl, argsPrefix+"WEBHOOKURL", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v serverchan_test.go -args \
+	--CERTIMATE_NOTIFIER_WECOM_WEBHOOKURL="https://example.com/your-webhook-url" \
+*/
+func TestNotify(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Notify", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("WEBHOOKURL: %v", fWebhookUrl),
+		}, "\n"))
+
+		notifier, err := provider.New(&provider.WeComNotifierConfig{
+			WebhookUrl: fWebhookUrl,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		res, err := notifier.Notify(context.Background(), mockSubject, mockMessage)
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@ -26,7 +26,7 @@ type HuaweiCloudELBUploaderConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
-	// 华为云地域。
+	// 华为云区域。
 	Region string `json:"region"`
 }

--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@ -22,7 +22,7 @@ type HuaweiCloudSCMUploaderConfig struct {
 	AccessKeyId string `json:"accessKeyId"`
 	// 华为云 SecretAccessKey。
 	SecretAccessKey string `json:"secretAccessKey"`
-	// 华为云地域。
+	// 华为云区域。
 	Region string `json:"region"`
 }

--- a/internal/pkg/vendors/qiniu-sdk/client.go
+++ b/internal/pkg/vendors/qiniu-sdk/client.go
@ -6,10 +6,9 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"strings"

 	"github.com/qiniu/go-sdk/v7/auth"
-
-	xhttp "github.com/usual2970/certimate/internal/utils/http"
 )

 const qiniuHost = "https://api.qiniu.com"
@ -136,25 +135,29 @@ func (c *Client) UploadSslCert(name, commonName, certificate, privateKey string)
 }

 func (c *Client) sendReq(method string, path string, body io.Reader) ([]byte, error) {
-	req := xhttp.BuildReq(fmt.Sprintf("%s/%s", qiniuHost, path), method, body, map[string]string{
-		"Content-Type": "application/json",
-	})
+	path = strings.TrimPrefix(path, "/")
+
+	req, err := http.NewRequest(method, fmt.Sprintf("%s/%s", qiniuHost, path), body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("Content-Type", "application/json")

 	if err := c.mac.AddToken(auth.TokenQBox, req); err != nil {
 		return nil, err
 	}

-	respBody, err := xhttp.ToRequest(req)
+	client := http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	r, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}

-	defer respBody.Close()
-
-	res, err := io.ReadAll(respBody)
-	if err != nil {
-		return nil, err
-	}
-
-	return res, nil
+	return r, nil
 }
--- a/internal/utils/rand/rand.go
+++ b/internal/utils/rand/rand.go
@ -1,24 +0,0 @@
-package rand
-
-import (
-	"math/rand"
-	"time"
-)
-
-// Deprecated: this will be removed in the future.
-// 随机生成指定长度字符串
-func RandStr(n int) string {
-	seed := time.Now().UnixNano()
-	source := rand.NewSource(seed)
-	random := rand.New(source)
-
-	letters := []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
-
-	// 使用循环生成指定长度的字符串
-	result := make([]rune, n)
-	for i := range result {
-		result[i] = letters[random.Intn(len(letters))]
-	}
-
-	return string(result)
-}
--- a/internal/utils/xtime/time.go
+++ b/internal/utils/xtime/time.go
@ -13,9 +13,3 @@ func BeijingTimeStr() string {
 	// 格式化为字符串
 	return now.Format("2006-01-02 15:04:05")
 }
-
-func GetTimeAfter(d time.Duration) string {
-	t := time.Now().UTC()
-
-	return t.Add(d).Format("2006-01-02 15:04:05")
-}
--- a/internal/workflow/node-processor/deploy_node.go
+++ b/internal/workflow/node-processor/deploy_node.go
@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"

+	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/deployer"
 	"github.com/usual2970/certimate/internal/domain"
 	"github.com/usual2970/certimate/internal/repository"
@ -68,6 +69,13 @@ func (d *deployNode) Run(ctx context.Context) error {
 		Domain:       cert.SAN,
 		Access:       access.Config,
 		AccessRecord: access,
+		Certificate: applicant.Certificate{
+			CertUrl:           cert.CertUrl,
+			CertStableUrl:     cert.CertStableUrl,
+			PrivateKey:        cert.PrivateKey,
+			Certificate:       cert.Certificate,
+			IssuerCertificate: cert.IssuerCertificate,
+		},
 		DeployConfig: domain.DeployConfig{
 			Id:     d.node.Id,
 			Access: access.Id,
--- a/migrations/1734398918_updated_access.go
+++ b/migrations/1734398918_updated_access.go
@ -0,0 +1,108 @@
+package migrations
+
+import (
+	"encoding/json"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/daos"
+	m "github.com/pocketbase/pocketbase/migrations"
+	"github.com/pocketbase/pocketbase/models/schema"
+)
+
+func init() {
+	m.Register(func(db dbx.Builder) error {
+		dao := daos.New(db);
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		// update
+		edit_configType := &schema.SchemaField{}
+		if err := json.Unmarshal([]byte(`{
+			"system": false,
+			"id": "hwy7m03o",
+			"name": "configType",
+			"type": "select",
+			"required": false,
+			"presentable": false,
+			"unique": false,
+			"options": {
+				"maxSelect": 1,
+				"values": [
+					"aliyun",
+					"acmehttpreq",
+					"aws",
+					"baiducloud",
+					"byteplus",
+					"cloudflare",
+					"dogecloud",
+					"godaddy",
+					"huaweicloud",
+					"k8s",
+					"local",
+					"namesilo",
+					"powerdns",
+					"qiniu",
+					"ssh",
+					"tencentcloud",
+					"volcengine",
+					"webhook"
+				]
+			}
+		}`), edit_configType); err != nil {
+			return err
+		}
+		collection.Schema.AddField(edit_configType)
+
+		return dao.SaveCollection(collection)
+	}, func(db dbx.Builder) error {
+		dao := daos.New(db);
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		// update
+		edit_configType := &schema.SchemaField{}
+		if err := json.Unmarshal([]byte(`{
+			"system": false,
+			"id": "hwy7m03o",
+			"name": "configType",
+			"type": "select",
+			"required": false,
+			"presentable": false,
+			"unique": false,
+			"options": {
+				"maxSelect": 1,
+				"values": [
+					"aliyun",
+					"tencent",
+					"huaweicloud",
+					"qiniu",
+					"aws",
+					"cloudflare",
+					"namesilo",
+					"godaddy",
+					"pdns",
+					"httpreq",
+					"local",
+					"ssh",
+					"webhook",
+					"k8s",
+					"baiducloud",
+					"dogecloud",
+					"volcengine",
+					"byteplus"
+				]
+			}
+		}`), edit_configType); err != nil {
+			return err
+		}
+		collection.Schema.AddField(edit_configType)
+
+		return dao.SaveCollection(collection)
+	})
+}
--- a/migrations/1734434522_updated_access.go
+++ b/migrations/1734434522_updated_access.go
@ -0,0 +1,43 @@
+package migrations
+
+import (
+	"encoding/json"
+
+	"github.com/pocketbase/dbx"
+	"github.com/pocketbase/pocketbase/daos"
+	m "github.com/pocketbase/pocketbase/migrations"
+)
+
+func init() {
+	m.Register(func(db dbx.Builder) error {
+		dao := daos.New(db);
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		if err := json.Unmarshal([]byte(`[
+			"CREATE INDEX ` + "`" + `idx_wkoST0j` + "`" + ` ON ` + "`" + `access` + "`" + ` (` + "`" + `name` + "`" + `)"
+		]`), &collection.Indexes); err != nil {
+			return err
+		}
+
+		return dao.SaveCollection(collection)
+	}, func(db dbx.Builder) error {
+		dao := daos.New(db);
+
+		collection, err := dao.FindCollectionByNameOrId("4yzbv8urny5ja1e")
+		if err != nil {
+			return err
+		}
+
+		if err := json.Unmarshal([]byte(`[
+			"CREATE UNIQUE INDEX ` + "`" + `idx_wkoST0j` + "`" + ` ON ` + "`" + `access` + "`" + ` (` + "`" + `name` + "`" + `)"
+		]`), &collection.Indexes); err != nil {
+			return err
+		}
+
+		return dao.SaveCollection(collection)
+	})
+}
--- a/ui/.eslintrc.cjs
+++ b/ui/.eslintrc.cjs
@ -13,6 +13,21 @@ module.exports = {
  parser: "@typescript-eslint/parser",
  plugins: ["react-refresh"],
  rules: {
+    "@typescript-eslint/no-explicit-any": [
+      "warn",
+      {
+        ignoreRestArgs: true,
+      },
+    ],
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        argsIgnorePattern: "^_",
+        caughtErrorsIgnorePattern: "^_",
+        destructuredArrayIgnorePattern: "^_",
+        varsIgnorePattern: "^_",
+      },
+    ],
    "react-refresh/only-export-components": [
      "warn",
      {
--- a/ui/.gitignore
+++ b/ui/.gitignore
@ -1,3 +1,8 @@
+node_modules
+dist
+dist-ssr
+!dist/.gitkeep
+
 # Logs
 logs
 *.log
@ -6,10 +11,6 @@ yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 lerna-debug.log*
-./ui/.env
-node_modules
-dist-ssr
-*.local

 # Editor directories and files
 .vscode/*
@ -22,4 +23,5 @@ dist-ssr
 *.sln
 *.sw?

+*.local
 .env
--- a/ui/README.md
+++ b/ui/README.md
@ -1,30 +0,0 @@
-# React + TypeScript + Vite
-
-This template provides a minimal setup to get React working in Vite with HMR and some ESLint rules.
-
-Currently, two official plugins are available:
-
- [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/README.md) uses [Babel](https://babeljs.io/) for Fast Refresh
- [@vitejs/plugin-react-swc](https://github.com/vitejs/vite-plugin-react-swc) uses [SWC](https://swc.rs/) for Fast Refresh
-
-## Expanding the ESLint configuration
-
-If you are developing a production application, we recommend updating the configuration to enable type aware lint rules:
-
- Configure the top-level `parserOptions` property like this:
-
-```js
-export default {
-  // other rules...
-  parserOptions: {
-    ecmaVersion: "latest",
-    sourceType: "module",
-    project: ["./tsconfig.json", "./tsconfig.node.json", "./tsconfig.app.json"],
-    tsconfigRootDir: __dirname,
-  },
-};
-```
-
- Replace `plugin:@typescript-eslint/recommended` to `plugin:@typescript-eslint/recommended-type-checked` or `plugin:@typescript-eslint/strict-type-checked`
- Optionally add `plugin:@typescript-eslint/stylistic-type-checked`
- Install [eslint-plugin-react](https://github.com/jsx-eslint/eslint-plugin-react) and add `plugin:react/recommended` & `plugin:react/jsx-runtime` to the `extends` list
--- a/ui/components.json
+++ b/ui/components.json
@ -12,6 +12,6 @@
  },
  "aliases": {
    "components": "@/components",
-    "utils": "@/lib/utils"
+    "utils": "@/components/ui/utils"
  }
 }
--- a/ui/package-lock.json
+++ b/ui/package-lock.json
--- a/ui/package.json
+++ b/ui/package.json
@ -12,28 +12,18 @@
  "dependencies": {
    "@ant-design/pro-components": "^2.8.2",
    "@hookform/resolvers": "^3.9.0",
-    "@radix-ui/react-accordion": "^1.2.0",
-    "@radix-ui/react-collapsible": "^1.1.1",
    "@radix-ui/react-dialog": "^1.1.2",
    "@radix-ui/react-dropdown-menu": "^2.1.1",
    "@radix-ui/react-label": "^2.1.0",
-    "@radix-ui/react-popover": "^1.1.2",
-    "@radix-ui/react-radio-group": "^1.2.0",
    "@radix-ui/react-scroll-area": "^1.1.0",
    "@radix-ui/react-select": "^2.1.1",
-    "@radix-ui/react-separator": "^1.1.0",
    "@radix-ui/react-slot": "^1.1.0",
-    "@radix-ui/react-switch": "^1.1.0",
-    "@radix-ui/react-tabs": "^1.1.0",
-    "@radix-ui/react-toast": "^1.2.1",
-    "@radix-ui/react-tooltip": "^1.1.2",
    "@tanstack/react-table": "^8.20.5",
    "ahooks": "^3.8.4",
    "antd": "^5.22.2",
    "antd-zod": "^6.0.0",
    "class-variance-authority": "^0.7.0",
    "clsx": "^2.1.1",
-    "cmdk": "^1.0.0",
    "cron-parser": "^4.9.0",
    "i18next": "^23.15.1",
    "i18next-browser-languagedetector": "^8.0.0",
@ -62,6 +52,7 @@
    "@types/react-dom": "^18.3.0",
    "@typescript-eslint/eslint-plugin": "^7.15.0",
    "@typescript-eslint/parser": "^7.15.0",
+    "@vitejs/plugin-legacy": "^5.4.3",
    "@vitejs/plugin-react": "^4.3.1",
    "autoprefixer": "^10.4.19",
    "eslint": "^8.57.0",
--- a/ui/public/imgs/providers/google.svg
+++ b/ui/public/imgs/providers/google.svg
--- a/ui/public/imgs/providers/letsencrypt.svg
+++ b/ui/public/imgs/providers/letsencrypt.svg
--- a/ui/public/imgs/acme/zerossl.svg
+++ b/ui/public/imgs/acme/zerossl.svg
@ -0,0 +1 @@
+<svg viewBox="0 0 1113 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" width="200" height="200"><path d="M107.287 512.928c0-79.047-0.045-158.094 0.03-237.141 0.02-21.15 1.256-42.135 9.203-62.181 23.74-59.883 67.166-95.237 130.865-105.518 8.582-1.385 17.221-1.667 25.889-1.667 159.718 0.009 319.436-0.021 479.155 0.019 74.315 0.019 133.182 41.364 157.993 111.108 6.12 17.204 8.542 35.132 8.54 53.403-0.022 161.072 0.122 322.144-0.072 483.215-0.091 75.418-50.342 141.59-119.876 158.868-15.044 3.738-30.331 5.422-45.807 5.423-160.26 0.014-320.521 0.29-480.78-0.12-71.188-0.182-121.825-33.848-152.353-97.864-10.72-22.48-12.842-46.672-12.817-71.218 0.081-78.774 0.03-157.551 0.03-236.327z m283.66-4.813v136.454H254.062v138.583h138.402V645.64h138.004v137.437h138.576V644.705h137.443V505.977H668.339V367.658H530.496V229.98H391.685v138.154H254.216c-0.365 1.798-0.66 2.576-0.661 3.354-0.035 43.047 0.079 86.094-0.188 129.139-0.042 6.738 3.542 6.504 8.205 6.495 39.798-0.073 79.596-0.06 119.394-0.007 3.173 0.005 6.462-0.676 9.981 1z" fill="#4D70D4"></path></svg>
--- a/ui/public/imgs/providers/acmehttpreq.svg
+++ b/ui/public/imgs/providers/acmehttpreq.svg
--- a/ui/public/imgs/providers/kubernetes.svg
+++ b/ui/public/imgs/providers/kubernetes.svg
--- a/ui/public/imgs/providers/powerdns.svg
+++ b/ui/public/imgs/providers/powerdns.svg
--- a/ui/public/imgs/providers/tencentcloud.svg
+++ b/ui/public/imgs/providers/tencentcloud.svg
--- a/ui/public/imgs/providers/zerossl.svg
+++ b/ui/public/imgs/providers/zerossl.svg
@ -1 +0,0 @@
-<svg class="icon" viewBox="0 0 1113 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="18956" width="200" height="200"><path d="M107.287 512.928c0-79.047-0.045-158.094 0.03-237.141 0.02-21.15 1.256-42.135 9.203-62.181 23.74-59.883 67.166-95.237 130.865-105.518 8.582-1.385 17.221-1.667 25.889-1.667 159.718 0.009 319.436-0.021 479.155 0.019 74.315 0.019 133.182 41.364 157.993 111.108 6.12 17.204 8.542 35.132 8.54 53.403-0.022 161.072 0.122 322.144-0.072 483.215-0.091 75.418-50.342 141.59-119.876 158.868-15.044 3.738-30.331 5.422-45.807 5.423-160.26 0.014-320.521 0.29-480.78-0.12-71.188-0.182-121.825-33.848-152.353-97.864-10.72-22.48-12.842-46.672-12.817-71.218 0.081-78.774 0.03-157.551 0.03-236.327z m283.66-4.813v136.454H254.062v138.583h138.402V645.64h138.004v137.437h138.576V644.705h137.443V505.977H668.339V367.658H530.496V229.98H391.685v138.154H254.216c-0.365 1.798-0.66 2.576-0.661 3.354-0.035 43.047 0.079 86.094-0.188 129.139-0.042 6.738 3.542 6.504 8.205 6.495 39.798-0.073 79.596-0.06 119.394-0.007 3.173 0.005 6.462-0.676 9.981 1z" fill="#4D70D4" p-id="18957"></path></svg>
--- a/ui/src/App.tsx
+++ b/ui/src/App.tsx
@ -1,4 +1,4 @@
-import { useEffect, useLayoutEffect, useState } from "react";
+import { useEffect, useLayoutEffect, useMemo, useState } from "react";
 import { RouterProvider } from "react-router-dom";
 import { useTranslation } from "react-i18next";
 import { App, ConfigProvider, theme, type ThemeConfig } from "antd";
@ -9,30 +9,36 @@ import dayjs from "dayjs";
 import "dayjs/locale/zh-cn";

 import { localeNames } from "./i18n";
-import { useTheme } from "./hooks";
+import { useBrowserTheme } from "./hooks";
 import { router } from "./router.tsx";

 const RootApp = () => {
  const { i18n } = useTranslation();

-  const { theme: browserTheme } = useTheme();
+  const { theme: browserTheme } = useBrowserTheme();

-  const antdLocalesMap: Record<string, Locale> = {
+  const antdLocalesMap: Record<string, Locale> = useMemo(
+    () => ({
      [localeNames.ZH]: AntdLocaleZhCN,
      [localeNames.EN]: AntdLocaleEnUs,
-  };
+    }),
+    []
+  );
  const [antdLocale, setAntdLocale] = useState(antdLocalesMap[i18n.language]);
  const handleLanguageChanged = () => {
    setAntdLocale(antdLocalesMap[i18n.language]);
    dayjs.locale(i18n.language);
  };
  i18n.on("languageChanged", handleLanguageChanged);
-  useLayoutEffect(handleLanguageChanged, [i18n]);
+  useLayoutEffect(handleLanguageChanged, [antdLocalesMap, i18n]);

-  const antdThemesMap: Record<string, ThemeConfig> = {
+  const antdThemesMap: Record<string, ThemeConfig> = useMemo(
+    () => ({
      ["light"]: { algorithm: theme.defaultAlgorithm },
      ["dark"]: { algorithm: theme.darkAlgorithm },
-  };
+    }),
+    []
+  );
  const [antdTheme, setAntdTheme] = useState(antdThemesMap[browserTheme]);
  useEffect(() => {
    setAntdTheme(antdThemesMap[browserTheme]);
@ -40,7 +46,7 @@ const RootApp = () => {
    const root = window.document.documentElement;
    root.classList.remove("light", "dark");
    root.classList.add(browserTheme);
-  }, [browserTheme]);
+  }, [antdThemesMap, browserTheme]);

  return (
    <ConfigProvider
--- a/ui/src/components/certimate/Version.tsx
+++ b/ui/src/components/certimate/Version.tsx
@ -4,15 +4,16 @@ import { BookOpen as BookOpenIcon } from "lucide-react";

 import { version } from "@/domain/version";

-type VersionProps = {
+export type VersionProps = {
  className?: string;
+  style?: React.CSSProperties;
 };

-const Version = ({ className }: VersionProps) => {
+const Version = ({ className, style }: VersionProps) => {
  const { t } = useTranslation();

  return (
-    <Space className={className} size={4}>
+    <Space className={className} style={style} size={4}>
      <Typography.Link type="secondary" href="https://docs.certimate.me" target="_blank">
        <div className="flex items-center justify-center space-x-1">
          <BookOpenIcon size={16} />
--- a/ui/src/components/access/AccessEditForm.tsx
+++ b/ui/src/components/access/AccessEditForm.tsx
@ -0,0 +1,174 @@
+import { forwardRef, useEffect, useImperativeHandle, useMemo, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useCreation, useDeepCompareEffect } from "ahooks";
+import { Form, Input } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { ACCESS_PROVIDER_TYPES, type AccessModel } from "@/domain/access";
+import AccessTypeSelect from "./AccessTypeSelect";
+import AccessEditFormACMEHttpReqConfig from "./AccessEditFormACMEHttpReqConfig";
+import AccessEditFormAliyunConfig from "./AccessEditFormAliyunConfig";
+import AccessEditFormAWSConfig from "./AccessEditFormAWSConfig";
+import AccessEditFormBaiduCloudConfig from "./AccessEditFormBaiduCloudConfig";
+import AccessEditFormBytePlusConfig from "./AccessEditFormBytePlusConfig";
+import AccessEditFormCloudflareConfig from "./AccessEditFormCloudflareConfig";
+import AccessEditFormDogeCloudConfig from "./AccessEditFormDogeCloudConfig";
+import AccessEditFormGoDaddyConfig from "./AccessEditFormGoDaddyConfig";
+import AccessEditFormHuaweiCloudConfig from "./AccessEditFormHuaweiCloudConfig";
+import AccessEditFormKubernetesConfig from "./AccessEditFormKubernetesConfig";
+import AccessEditFormLocalConfig from "./AccessEditFormLocalConfig";
+import AccessEditFormNameSiloConfig from "./AccessEditFormNameSiloConfig";
+import AccessEditFormPowerDNSConfig from "./AccessEditFormPowerDNSConfig";
+import AccessEditFormQiniuConfig from "./AccessEditFormQiniuConfig";
+import AccessEditFormSSHConfig from "./AccessEditFormSSHConfig";
+import AccessEditFormTencentCloudConfig from "./AccessEditFormTencentCloudConfig";
+import AccessEditFormVolcEngineConfig from "./AccessEditFormVolcEngineConfig";
+import AccessEditFormWebhookConfig from "./AccessEditFormWebhookConfig";
+
+type AccessEditFormModelType = Partial<MaybeModelRecord<AccessModel>>;
+type AccessEditFormModes = "add" | "edit";
+
+export type AccessEditFormProps = {
+  className?: string;
+  style?: React.CSSProperties;
+  disabled?: boolean;
+  loading?: boolean;
+  mode: AccessEditFormModes;
+  model?: AccessEditFormModelType;
+  onModelChange?: (model: AccessEditFormModelType) => void;
+};
+
+export type AccessEditFormInstance = {
+  getFieldsValue: () => AccessEditFormModelType;
+  resetFields: () => void;
+  validateFields: () => Promise<AccessEditFormModelType>;
+};
+
+const AccessEditForm = forwardRef<AccessEditFormInstance, AccessEditFormProps>(({ className, style, disabled, loading, mode, model, onModelChange }, ref) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    name: z
+      .string({ message: t("access.form.name.placeholder") })
+      .trim()
+      .min(1, t("access.form.name.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    configType: z.nativeEnum(ACCESS_PROVIDER_TYPES, { message: t("access.form.type.placeholder") }),
+    config: z.any(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+  const [form] = Form.useForm<z.infer<typeof formSchema>>();
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model as Partial<z.infer<typeof formSchema>>);
+  useDeepCompareEffect(() => {
+    setInitialValues(model as Partial<z.infer<typeof formSchema>>);
+  }, [model]);
+
+  const [configType, setConfigType] = useState(model?.configType);
+  useEffect(() => {
+    setConfigType(model?.configType);
+  }, [model?.configType]);
+
+  const [configFormInst] = Form.useForm();
+  const configFormName = useCreation(() => `accessEditForm_config${Math.random().toString(36).substring(2, 10)}${new Date().getTime()}`, []);
+  const configFormComponent = useMemo(() => {
+    /*
+      注意：如果追加新的子组件，请保持以 ASCII 排序。
+      NOTICE: If you add new child component, please keep ASCII order.
+     */
+    const configFormProps = { form: configFormInst, formName: configFormName, disabled: disabled, loading: loading, model: model?.config };
+    switch (configType) {
+      case ACCESS_PROVIDER_TYPES.ACMEHTTPREQ:
+        return <AccessEditFormACMEHttpReqConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.ALIYUN:
+        return <AccessEditFormAliyunConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.AWS:
+        return <AccessEditFormAWSConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.BAIDUCLOUD:
+        return <AccessEditFormBaiduCloudConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.BYTEPLUS:
+        return <AccessEditFormBytePlusConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.CLOUDFLARE:
+        return <AccessEditFormCloudflareConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.DOGECLOUD:
+        return <AccessEditFormDogeCloudConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.GODADDY:
+        return <AccessEditFormGoDaddyConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.HUAWEICLOUD:
+        return <AccessEditFormHuaweiCloudConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.KUBERNETES:
+        return <AccessEditFormKubernetesConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.LOCAL:
+        return <AccessEditFormLocalConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.NAMESILO:
+        return <AccessEditFormNameSiloConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.POWERDNS:
+        return <AccessEditFormPowerDNSConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.QINIU:
+        return <AccessEditFormQiniuConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.SSH:
+        return <AccessEditFormSSHConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.TENCENTCLOUD:
+        return <AccessEditFormTencentCloudConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.VOLCENGINE:
+        return <AccessEditFormVolcEngineConfig {...configFormProps} />;
+      case ACCESS_PROVIDER_TYPES.WEBHOOK:
+        return <AccessEditFormWebhookConfig {...configFormProps} />;
+    }
+  }, [model, configType, configFormInst]);
+
+  const handleFormProviderChange = (name: string) => {
+    if (name === configFormName) {
+      form.setFieldValue("config", configFormInst.getFieldsValue());
+      onModelChange?.(form.getFieldsValue(true));
+    }
+  };
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormModelType) => {
+    if (fields.configType !== configType) {
+      setConfigType(fields.configType);
+    }
+
+    onModelChange?.(fields);
+  };
+
+  useImperativeHandle(ref, () => ({
+    getFieldsValue: () => {
+      return form.getFieldsValue(true);
+    },
+    resetFields: () => {
+      return form.resetFields();
+    },
+    validateFields: () => {
+      const t1 = form.validateFields();
+      const t2 = configFormInst.validateFields();
+      return Promise.all([t1, t2]).then(() => t1);
+    },
+  }));
+
+  return (
+    <Form.Provider onFormChange={handleFormProviderChange}>
+      <div className={className} style={style}>
+        <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" onValuesChange={handleFormChange}>
+          <Form.Item name="name" label={t("access.form.name.label")} rules={[formRule]}>
+            <Input placeholder={t("access.form.name.placeholder")} />
+          </Form.Item>
+
+          <Form.Item
+            name="configType"
+            label={t("access.form.type.label")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.type.tooltip") }}></span>}
+          >
+            <AccessTypeSelect disabled={mode !== "add"} placeholder={t("access.form.type.placeholder")} showSearch={!disabled} />
+          </Form.Item>
+        </Form>
+
+        {configFormComponent}
+      </div>
+    </Form.Provider>
+  );
+});
+
+export default AccessEditForm;
--- a/ui/src/components/access/AccessEditFormACMEHttpReqConfig.tsx
+++ b/ui/src/components/access/AccessEditFormACMEHttpReqConfig.tsx
@ -0,0 +1,107 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, Select, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type ACMEHttpReqAccessConfig } from "@/domain/access";
+
+type AccessEditFormACMEHttpReqConfigModelType = Partial<ACMEHttpReqAccessConfig>;
+
+export type AccessEditFormACMEHttpReqConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormACMEHttpReqConfigModelType;
+  onModelChange?: (model: AccessEditFormACMEHttpReqConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    endpoint: "https://example.com/api/",
+    mode: "",
+    username: "",
+    password: "",
+  } as AccessEditFormACMEHttpReqConfigModelType;
+};
+
+const AccessEditFormACMEHttpReqConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormACMEHttpReqConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    endpoint: z.string().url(t("common.errmsg.url_invalid")),
+    mode: z.string().min(0, t("access.form.acmehttpreq_mode.placeholder")).nullish(),
+    username: z
+      .string()
+      .trim()
+      .min(0, t("access.form.acmehttpreq_username.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .nullish(),
+    password: z
+      .string()
+      .trim()
+      .min(0, t("access.form.acmehttpreq_password.placeholder"))
+      .max(256, t("common.errmsg.string_max", { max: 256 }))
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormACMEHttpReqConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="endpoint"
+        label={t("access.form.acmehttpreq_endpoint.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmehttpreq_endpoint.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.acmehttpreq_endpoint.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="mode"
+        label={t("access.form.acmehttpreq_mode.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmehttpreq_mode.tooltip") }}></span>}
+      >
+        <Select
+          options={[
+            { value: "", label: "(default)" },
+            { value: "RAW", label: "RAW" },
+          ]}
+          placeholder={t("access.form.acmehttpreq_mode.placeholder")}
+        />
+      </Form.Item>
+
+      <Form.Item
+        name="username"
+        label={t("access.form.acmehttpreq_username.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmehttpreq_username.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.acmehttpreq_username.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="password"
+        label={t("access.form.acmehttpreq_password.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.acmehttpreq_password.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.acmehttpreq_password.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormACMEHttpReqConfig;
--- a/ui/src/components/access/AccessEditFormAWSConfig.tsx
+++ b/ui/src/components/access/AccessEditFormAWSConfig.tsx
@ -0,0 +1,111 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AWSAccessConfig } from "@/domain/access";
+
+type AccessEditFormAWSConfigModelType = Partial<AWSAccessConfig>;
+
+export type AccessEditFormAWSConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormAWSConfigModelType;
+  onModelChange?: (model: AccessEditFormAWSConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKeyId: "",
+    secretAccessKey: "",
+    region: "us-east-1",
+    hostedZoneId: "",
+  } as AccessEditFormAWSConfigModelType;
+};
+
+const AccessEditFormAWSConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormAWSConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKeyId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.aws_access_key_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.aws_secret_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    // TODO: 该字段仅用于申请证书，后续迁移到工作流表单中
+    region: z
+      .string()
+      .trim()
+      .min(0, t("access.form.aws_region.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 }))
+      .nullish(),
+    // TODO: 该字段仅用于申请证书，后续迁移到工作流表单中
+    hostedZoneId: z
+      .string()
+      .trim()
+      .min(0, t("access.form.aws_hosted_zone_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 }))
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormAWSConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKeyId"
+        label={t("access.form.aws_access_key_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aws_access_key_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.aws_access_key_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretAccessKey"
+        label={t("access.form.aws_secret_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aws_secret_access_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.aws_secret_access_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="region"
+        label={t("access.form.aws_region.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aws_region.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.aws_region.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="hostedZoneId"
+        label={t("access.form.aws_hosted_zone_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aws_hosted_zone_id.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.aws_hosted_zone_id.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormAWSConfig;
--- a/ui/src/components/access/AccessEditFormAliyunConfig.tsx
+++ b/ui/src/components/access/AccessEditFormAliyunConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type AliyunAccessConfig } from "@/domain/access";
+
+type AccessEditFormAliyunConfigModelType = Partial<AliyunAccessConfig>;
+
+export type AccessEditFormAliyunConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormAliyunConfigModelType;
+  onModelChange?: (model: AccessEditFormAliyunConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKeyId: "",
+    accessKeySecret: "",
+  } as AccessEditFormAliyunConfigModelType;
+};
+
+const AccessEditFormAliyunConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormAliyunConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKeyId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.aliyun_access_key_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    accessKeySecret: z
+      .string()
+      .trim()
+      .min(1, t("access.form.aliyun_access_key_secret.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormAliyunConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKeyId"
+        label={t("access.form.aliyun_access_key_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aliyun_access_key_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.aliyun_access_key_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="accessKeySecret"
+        label={t("access.form.aliyun_access_key_secret.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.aliyun_access_key_secret.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.aliyun_access_key_secret.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormAliyunConfig;
--- a/ui/src/components/access/AccessEditFormBaiduCloudConfig.tsx
+++ b/ui/src/components/access/AccessEditFormBaiduCloudConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type BaiduCloudAccessConfig } from "@/domain/access";
+
+type AccessEditFormBaiduCloudConfigModelType = Partial<BaiduCloudAccessConfig>;
+
+export type AccessEditFormBaiduCloudConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormBaiduCloudConfigModelType;
+  onModelChange?: (model: AccessEditFormBaiduCloudConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKeyId: "",
+    secretAccessKey: "",
+  } as AccessEditFormBaiduCloudConfigModelType;
+};
+
+const AccessEditFormBaiduCloudConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormBaiduCloudConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKeyId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.baiducloud_access_key_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.baiducloud_secret_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormBaiduCloudConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKeyId"
+        label={t("access.form.baiducloud_access_key_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.baiducloud_access_key_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.baiducloud_access_key_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretAccessKey"
+        label={t("access.form.baiducloud_secret_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.baiducloud_secret_access_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.baiducloud_secret_access_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormBaiduCloudConfig;
--- a/ui/src/components/access/AccessEditFormBytePlusConfig.tsx
+++ b/ui/src/components/access/AccessEditFormBytePlusConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type BytePlusAccessConfig } from "@/domain/access";
+
+type AccessEditFormBytePlusConfigModelType = Partial<BytePlusAccessConfig>;
+
+export type AccessEditFormBytePlusConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormBytePlusConfigModelType;
+  onModelChange?: (model: AccessEditFormBytePlusConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKey: "",
+    secretKey: "",
+  } as AccessEditFormBytePlusConfigModelType;
+};
+
+const AccessEditFormBytePlusConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormBytePlusConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.byteplus_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.byteplus_secret_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormBytePlusConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKey"
+        label={t("access.form.byteplus_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.byteplus_access_key.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.byteplus_access_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretKey"
+        label={t("access.form.byteplus_secret_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.byteplus_secret_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.byteplus_secret_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormBytePlusConfig;
--- a/ui/src/components/access/AccessEditFormCloudflareConfig.tsx
+++ b/ui/src/components/access/AccessEditFormCloudflareConfig.tsx
@ -0,0 +1,62 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type CloudflareAccessConfig } from "@/domain/access";
+
+type AccessEditFormCloudflareConfigModelType = Partial<CloudflareAccessConfig>;
+
+export type AccessEditFormCloudflareConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormCloudflareConfigModelType;
+  onModelChange?: (model: AccessEditFormCloudflareConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    dnsApiToken: "",
+  } as AccessEditFormCloudflareConfigModelType;
+};
+
+const AccessEditFormCloudflareConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormCloudflareConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    dnsApiToken: z
+      .string()
+      .trim()
+      .min(1, t("access.form.cloudflare_dns_api_token.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormCloudflareConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="dnsApiToken"
+        label={t("access.form.cloudflare_dns_api_token.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.cloudflare_dns_api_token.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.cloudflare_dns_api_token.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormCloudflareConfig;
--- a/ui/src/components/access/AccessEditFormDogeCloudConfig.tsx
+++ b/ui/src/components/access/AccessEditFormDogeCloudConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type DogeCloudAccessConfig } from "@/domain/access";
+
+type AccessEditFormDogeCloudConfigModelType = Partial<DogeCloudAccessConfig>;
+
+export type AccessEditFormDogeCloudConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormDogeCloudConfigModelType;
+  onModelChange?: (model: AccessEditFormDogeCloudConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKey: "",
+    secretKey: "",
+  } as AccessEditFormDogeCloudConfigModelType;
+};
+
+const AccessEditFormDogeCloudConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormDogeCloudConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.dogecloud_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.dogecloud_secret_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormDogeCloudConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKey"
+        label={t("access.form.dogecloud_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.dogecloud_access_key.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.dogecloud_access_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretKey"
+        label={t("access.form.dogecloud_secret_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.dogecloud_secret_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.dogecloud_secret_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormDogeCloudConfig;
--- a/ui/src/components/access/AccessEditFormGoDaddyConfig.tsx
+++ b/ui/src/components/access/AccessEditFormGoDaddyConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type GoDaddyAccessConfig } from "@/domain/access";
+
+type AccessEditFormGoDaddyConfigModelType = Partial<GoDaddyAccessConfig>;
+
+export type AccessEditFormGoDaddyConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormGoDaddyConfigModelType;
+  onModelChange?: (model: AccessEditFormGoDaddyConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    apiKey: "",
+    apiSecret: "",
+  } as AccessEditFormGoDaddyConfigModelType;
+};
+
+const AccessEditFormGoDaddyConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormGoDaddyConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    apiKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.godaddy_api_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    apiSecret: z
+      .string()
+      .trim()
+      .min(1, t("access.form.godaddy_api_secret.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormGoDaddyConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="apiKey"
+        label={t("access.form.godaddy_api_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.godaddy_api_key.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.godaddy_api_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="apiSecret"
+        label={t("access.form.godaddy_api_secret.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.godaddy_api_secret.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.godaddy_api_secret.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormGoDaddyConfig;
--- a/ui/src/components/access/AccessEditFormHuaweiCloudConfig.tsx
+++ b/ui/src/components/access/AccessEditFormHuaweiCloudConfig.tsx
@ -0,0 +1,94 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type HuaweiCloudAccessConfig } from "@/domain/access";
+
+type AccessEditFormHuaweiCloudConfigModelType = Partial<HuaweiCloudAccessConfig>;
+
+export type AccessEditFormHuaweiCloudConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormHuaweiCloudConfigModelType;
+  onModelChange?: (model: AccessEditFormHuaweiCloudConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKeyId: "",
+    secretAccessKey: "",
+    region: "cn-north-1",
+  } as AccessEditFormHuaweiCloudConfigModelType;
+};
+
+const AccessEditFormHuaweiCloudConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormHuaweiCloudConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKeyId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.huaweicloud_access_key_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.huaweicloud_secret_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    // TODO: 该字段仅用于申请证书，后续迁移到工作流表单中
+    region: z
+      .string()
+      .trim()
+      .min(0, t("access.form.huaweicloud_region.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 }))
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormHuaweiCloudConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKeyId"
+        label={t("access.form.huaweicloud_access_key_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.huaweicloud_access_key_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.huaweicloud_access_key_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretAccessKey"
+        label={t("access.form.huaweicloud_secret_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.huaweicloud_secret_access_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.huaweicloud_secret_access_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="region"
+        label={t("access.form.huaweicloud_region.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.huaweicloud_region.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.huaweicloud_region.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormHuaweiCloudConfig;
--- a/ui/src/components/access/AccessEditFormKubernetesConfig.tsx
+++ b/ui/src/components/access/AccessEditFormKubernetesConfig.tsx
@ -0,0 +1,82 @@
+import { useState } from "react";
+import { flushSync } from "react-dom";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Button, Form, Input, Upload, type FormInstance, type UploadFile, type UploadProps } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+import { Upload as UploadIcon } from "lucide-react";
+
+import { type KubernetesAccessConfig } from "@/domain/access";
+import { readFileContent } from "@/utils/file";
+
+type AccessEditFormKubernetesConfigModelType = Partial<KubernetesAccessConfig>;
+
+export type AccessEditFormKubernetesConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormKubernetesConfigModelType;
+  onModelChange?: (model: AccessEditFormKubernetesConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {} as AccessEditFormKubernetesConfigModelType;
+};
+
+const AccessEditFormKubernetesConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormKubernetesConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    kubeConfig: z
+      .string()
+      .trim()
+      .min(0, t("access.form.k8s_kubeconfig.placeholder"))
+      .max(20480, t("common.errmsg.string_max", { max: 20480 }))
+      .nullish(),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+    setKubeFileList(model?.kubeConfig?.trim() ? [{ uid: "-1", name: "kubeconfig", status: "done" }] : []);
+  }, [model]);
+
+  const [kubeFileList, setKubeFileList] = useState<UploadFile[]>([]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormKubernetesConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  const handleUploadChange: UploadProps["onChange"] = async ({ file }) => {
+    if (file && file.status !== "removed") {
+      form.setFieldValue("kubeConfig", (await readFileContent(file.originFileObj ?? (file as unknown as File))).trim());
+      setKubeFileList([file]);
+    } else {
+      form.setFieldValue("kubeConfig", "");
+      setKubeFileList([]);
+    }
+
+    flushSync(() => onModelChange?.(form.getFieldsValue(true)));
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="kubeConfig"
+        label={t("access.form.k8s_kubeconfig.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.k8s_kubeconfig.tooltip") }}></span>}
+      >
+        <Input.TextArea hidden placeholder={t("access.form.k8s_kubeconfig.placeholder")} value={form.getFieldValue("kubeConfig")} />
+        <Upload beforeUpload={() => false} fileList={kubeFileList} maxCount={1} onChange={handleUploadChange}>
+          <Button icon={<UploadIcon size={16} />}>{t("access.form.k8s_kubeconfig.upload")}</Button>
+        </Upload>
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormKubernetesConfig;
--- a/ui/src/components/access/AccessEditFormLocalConfig.tsx
+++ b/ui/src/components/access/AccessEditFormLocalConfig.tsx
@ -0,0 +1,31 @@
+import { useState } from "react";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, type FormInstance } from "antd";
+
+import { type LocalAccessConfig } from "@/domain/access";
+
+type AccessEditFormLocalConfigModelType = Partial<LocalAccessConfig>;
+
+export type AccessEditFormLocalConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormLocalConfigModelType;
+  onModelChange?: (model: AccessEditFormLocalConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {} as AccessEditFormLocalConfigModelType;
+};
+
+const AccessEditFormLocalConfig = ({ form, formName, disabled, loading, model }: AccessEditFormLocalConfigProps) => {
+  const [initialValues, setInitialValues] = useState(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  return <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName}></Form>;
+};
+
+export default AccessEditFormLocalConfig;
--- a/ui/src/components/access/AccessEditFormNameSiloConfig.tsx
+++ b/ui/src/components/access/AccessEditFormNameSiloConfig.tsx
@ -0,0 +1,62 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type NameSiloAccessConfig } from "@/domain/access";
+
+type AccessEditFormNameSiloConfigModelType = Partial<NameSiloAccessConfig>;
+
+export type AccessEditFormNameSiloConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormNameSiloConfigModelType;
+  onModelChange?: (model: AccessEditFormNameSiloConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    apiKey: "",
+  } as AccessEditFormNameSiloConfigModelType;
+};
+
+const AccessEditFormNameSiloConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormNameSiloConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    apiKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.namesilo_api_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormNameSiloConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="apiKey"
+        label={t("access.form.namesilo_api_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.namesilo_api_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.namesilo_api_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormNameSiloConfig;
--- a/ui/src/components/access/AccessEditFormPowerDNSConfig.tsx
+++ b/ui/src/components/access/AccessEditFormPowerDNSConfig.tsx
@ -0,0 +1,73 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type PowerDNSAccessConfig } from "@/domain/access";
+
+type AccessEditFormPowerDNSConfigModelType = Partial<PowerDNSAccessConfig>;
+
+export type AccessEditFormPowerDNSConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormPowerDNSConfigModelType;
+  onModelChange?: (model: AccessEditFormPowerDNSConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    apiUrl: "",
+    apiKey: "",
+  } as AccessEditFormPowerDNSConfigModelType;
+};
+
+const AccessEditFormPowerDNSConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormPowerDNSConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    apiUrl: z.string().url(t("common.errmsg.url_invalid")),
+    apiKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.powerdns_api_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormPowerDNSConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="apiUrl"
+        label={t("access.form.powerdns_api_url.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.powerdns_api_url.tooltip") }}></span>}
+      >
+        <Input placeholder={t("access.form.powerdns_api_url.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="apiKey"
+        label={t("access.form.powerdns_api_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.powerdns_api_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.powerdns_api_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormPowerDNSConfig;
--- a/ui/src/components/access/AccessEditFormQiniuConfig.tsx
+++ b/ui/src/components/access/AccessEditFormQiniuConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type QiniuAccessConfig } from "@/domain/access";
+
+type AccessEditFormQiniuConfigModelType = Partial<QiniuAccessConfig>;
+
+export type AccessEditFormQiniuConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormQiniuConfigModelType;
+  onModelChange?: (model: AccessEditFormQiniuConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKey: "",
+    secretKey: "",
+  } as AccessEditFormQiniuConfigModelType;
+};
+
+const AccessEditFormQiniuConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormQiniuConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.qiniu_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.qiniu_secret_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormQiniuConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKey"
+        label={t("access.form.qiniu_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.qiniu_access_key.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.qiniu_access_key.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretKey"
+        label={t("access.form.qiniu_secret_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.qiniu_secret_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.qiniu_secret_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormQiniuConfig;
--- a/ui/src/components/access/AccessEditFormSSHConfig.tsx
+++ b/ui/src/components/access/AccessEditFormSSHConfig.tsx
@ -0,0 +1,165 @@
+import { useState } from "react";
+import { flushSync } from "react-dom";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Button, Form, Input, InputNumber, Upload, type FormInstance, type UploadFile, type UploadProps } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+import { Upload as UploadIcon } from "lucide-react";
+
+import { type SSHAccessConfig } from "@/domain/access";
+import { readFileContent } from "@/utils/file";
+
+type AccessEditFormSSHConfigModelType = Partial<SSHAccessConfig>;
+
+export type AccessEditFormSSHConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormSSHConfigModelType;
+  onModelChange?: (model: AccessEditFormSSHConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    host: "127.0.0.1",
+    port: 22,
+    username: "root",
+  } as AccessEditFormSSHConfigModelType;
+};
+
+const AccessEditFormSSHConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormSSHConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    host: z.string().refine(
+      (str) => {
+        const reIpv4 =
+          /^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+        const reIpv6 =
+          /^([\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)|::([\da−fA−F]1,4:)0,4((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|::([\da−fA−F]1,4:)0,4((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|^([\da-fA-F]{1,4}:):([\da-fA-F]{1,4}:){0,3}((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)|([\da−fA−F]1,4:)2:([\da−fA−F]1,4:)0,2((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|([\da−fA−F]1,4:)2:([\da−fA−F]1,4:)0,2((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|^([\da-fA-F]{1,4}:){3}:([\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)|([\da−fA−F]1,4:)4:((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|([\da−fA−F]1,4:)4:((25[0−5]|2[0−4]\d|[01]?\d\d?)\.)3(25[0−5]|2[0−4]\d|[01]?\d\d?)|^([\da-fA-F]{1,4}:){7}[\da-fA-F]{1,4}|:((:[\da−fA−F]1,4)1,6|:)|:((:[\da−fA−F]1,4)1,6|:)|^[\da-fA-F]{1,4}:((:[\da-fA-F]{1,4}){1,5}|:)|([\da−fA−F]1,4:)2((:[\da−fA−F]1,4)1,4|:)|([\da−fA−F]1,4:)2((:[\da−fA−F]1,4)1,4|:)|^([\da-fA-F]{1,4}:){3}((:[\da-fA-F]{1,4}){1,3}|:)|([\da−fA−F]1,4:)4((:[\da−fA−F]1,4)1,2|:)|([\da−fA−F]1,4:)4((:[\da−fA−F]1,4)1,2|:)|^([\da-fA-F]{1,4}:){5}:([\da-fA-F]{1,4})?|([\da−fA−F]1,4:)6:|([\da−fA−F]1,4:)6:/;
+        const reDomain = /^(?:\*\.)?([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}$/;
+        return reIpv4.test(str) || reIpv6.test(str) || reDomain.test(str);
+      },
+      { message: t("common.errmsg.host_invalid") }
+    ),
+    port: z
+      .number()
+      .int()
+      .gte(1, t("common.errmsg.port_invalid"))
+      .lte(65535, t("common.errmsg.port_invalid"))
+      .transform((v) => +v),
+    username: z
+      .string()
+      .min(1, "access.form.ssh_username.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    password: z
+      .string()
+      .min(0, "access.form.ssh_password.placeholder")
+      .max(64, t("common.errmsg.string_max", { max: 64 }))
+      .nullish(),
+    key: z
+      .string()
+      .min(0, "access.form.ssh_key.placeholder")
+      .max(20480, t("common.errmsg.string_max", { max: 20480 }))
+      .nullish(),
+    keyPassphrase: z
+      .string()
+      .min(0, "access.form.ssh_key_passphrase.placeholder")
+      .max(20480, t("common.errmsg.string_max", { max: 20480 }))
+      .nullish()
+      .refine((v) => !v || form.getFieldValue("key"), { message: t("access.form.ssh_key.placeholder") }),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+    setKeyFileList(model?.key?.trim() ? [{ uid: "-1", name: "sshkey", status: "done" }] : []);
+  }, [model]);
+
+  const [keyFileList, setKeyFileList] = useState<UploadFile[]>([]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormSSHConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  const handleUploadChange: UploadProps["onChange"] = async ({ file }) => {
+    if (file && file.status !== "removed") {
+      form.setFieldValue("kubeConfig", (await readFileContent(file.originFileObj ?? (file as unknown as File))).trim());
+      setKeyFileList([file]);
+    } else {
+      form.setFieldValue("kubeConfig", "");
+      setKeyFileList([]);
+    }
+
+    flushSync(() => onModelChange?.(form.getFieldsValue(true)));
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <div className="flex space-x-2">
+        <div className="w-2/3">
+          <Form.Item name="host" label={t("access.form.ssh_host.label")} rules={[formRule]}>
+            <Input placeholder={t("access.form.ssh_host.placeholder")} />
+          </Form.Item>
+        </div>
+
+        <div className="w-1/3">
+          <Form.Item name="port" label={t("access.form.ssh_port.label")} rules={[formRule]}>
+            <InputNumber className="w-full" placeholder={t("access.form.ssh_port.placeholder")} min={1} max={65535} />
+          </Form.Item>
+        </div>
+      </div>
+
+      <div className="flex space-x-2">
+        <div className="w-1/2">
+          <Form.Item name="username" label={t("access.form.ssh_username.label")} rules={[formRule]}>
+            <Input autoComplete="new-password" placeholder={t("access.form.ssh_username.placeholder")} />
+          </Form.Item>
+        </div>
+
+        <div className="w-1/2">
+          <Form.Item
+            name="password"
+            label={t("access.form.ssh_password.label")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.ssh_password.tooltip") }}></span>}
+          >
+            <Input.Password autoComplete="new-password" placeholder={t("access.form.ssh_password.placeholder")} />
+          </Form.Item>
+        </div>
+      </div>
+
+      <div className="flex space-x-2">
+        <div className="w-1/2">
+          <Form.Item
+            name="key"
+            label={t("access.form.ssh_key.label")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.ssh_key.tooltip") }}></span>}
+          >
+            <Input.TextArea autoComplete="new-password" hidden placeholder={t("access.form.ssh_key.placeholder")} value={form.getFieldValue("key")} />
+            <Upload beforeUpload={() => false} fileList={keyFileList} maxCount={1} onChange={handleUploadChange}>
+              <Button icon={<UploadIcon size={16} />}>{t("access.form.ssh_key.upload")}</Button>
+            </Upload>
+          </Form.Item>
+        </div>
+
+        <div className="w-1/2">
+          <Form.Item
+            name="keyPassphrase"
+            label={t("access.form.ssh_key_passphrase.label")}
+            rules={[formRule]}
+            tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.ssh_key_passphrase.tooltip") }}></span>}
+          >
+            <Input.Password autoComplete="new-password" placeholder={t("access.form.ssh_key_passphrase.placeholder")} />
+          </Form.Item>
+        </div>
+      </div>
+    </Form>
+  );
+};
+
+export default AccessEditFormSSHConfig;
--- a/ui/src/components/access/AccessEditFormTencentCloudConfig.tsx
+++ b/ui/src/components/access/AccessEditFormTencentCloudConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type TencentCloudAccessConfig } from "@/domain/access";
+
+type AccessEditFormTencentCloudConfigModelType = Partial<TencentCloudAccessConfig>;
+
+export type AccessEditFormTencentCloudConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormTencentCloudConfigModelType;
+  onModelChange?: (model: AccessEditFormTencentCloudConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    secretId: "",
+    secretKey: "",
+  } as AccessEditFormTencentCloudConfigModelType;
+};
+
+const AccessEditFormTencentCloudConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormTencentCloudConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    secretId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.tencentcloud_secret_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.tencentcloud_secret_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormTencentCloudConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="secretId"
+        label={t("access.form.tencentcloud_secret_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.tencentcloud_secret_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.tencentcloud_secret_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretKey"
+        label={t("access.form.tencentcloud_secret_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.tencentcloud_secret_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.tencentcloud_secret_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormTencentCloudConfig;
--- a/ui/src/components/access/AccessEditFormVolcEngineConfig.tsx
+++ b/ui/src/components/access/AccessEditFormVolcEngineConfig.tsx
@ -0,0 +1,77 @@
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useDeepCompareEffect } from "ahooks";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type VolcEngineAccessConfig } from "@/domain/access";
+
+type AccessEditFormVolcEngineConfigModelType = Partial<VolcEngineAccessConfig>;
+
+export type AccessEditFormVolcEngineConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormVolcEngineConfigModelType;
+  onModelChange?: (model: AccessEditFormVolcEngineConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    accessKeyId: "",
+    secretAccessKey: "",
+  } as AccessEditFormVolcEngineConfigModelType;
+};
+
+const AccessEditFormVolcEngineConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormVolcEngineConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    accessKeyId: z
+      .string()
+      .trim()
+      .min(1, t("access.form.volcengine_access_key_id.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+    secretAccessKey: z
+      .string()
+      .trim()
+      .min(1, t("access.form.volcengine_secret_access_key.placeholder"))
+      .max(64, t("common.errmsg.string_max", { max: 64 })),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useDeepCompareEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormVolcEngineConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item
+        name="accessKeyId"
+        label={t("access.form.volcengine_access_key_id.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.volcengine_access_key_id.tooltip") }}></span>}
+      >
+        <Input autoComplete="new-password" placeholder={t("access.form.volcengine_access_key_id.placeholder")} />
+      </Form.Item>
+
+      <Form.Item
+        name="secretAccessKey"
+        label={t("access.form.volcengine_secret_access_key.label")}
+        rules={[formRule]}
+        tooltip={<span dangerouslySetInnerHTML={{ __html: t("access.form.volcengine_secret_access_key.tooltip") }}></span>}
+      >
+        <Input.Password autoComplete="new-password" placeholder={t("access.form.volcengine_secret_access_key.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormVolcEngineConfig;
--- a/ui/src/components/access/AccessEditFormWebhookConfig.tsx
+++ b/ui/src/components/access/AccessEditFormWebhookConfig.tsx
@ -0,0 +1,55 @@
+import { useEffect, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { Form, Input, type FormInstance } from "antd";
+import { createSchemaFieldRule } from "antd-zod";
+import { z } from "zod";
+
+import { type WebhookAccessConfig } from "@/domain/access";
+
+type AccessEditFormWebhookConfigModelType = Partial<WebhookAccessConfig>;
+
+export type AccessEditFormWebhookConfigProps = {
+  form: FormInstance;
+  formName: string;
+  disabled?: boolean;
+  loading?: boolean;
+  model?: AccessEditFormWebhookConfigModelType;
+  onModelChange?: (model: AccessEditFormWebhookConfigModelType) => void;
+};
+
+const initModel = () => {
+  return {
+    url: "",
+  } as AccessEditFormWebhookConfigModelType;
+};
+
+const AccessEditFormWebhookConfig = ({ form, formName, disabled, loading, model, onModelChange }: AccessEditFormWebhookConfigProps) => {
+  const { t } = useTranslation();
+
+  const formSchema = z.object({
+    url: z
+      .string()
+      .min(1, { message: t("access.form.webhook_url.placeholder") })
+      .url({ message: t("common.errmsg.url_invalid") }),
+  });
+  const formRule = createSchemaFieldRule(formSchema);
+
+  const [initialValues, setInitialValues] = useState<Partial<z.infer<typeof formSchema>>>(model ?? initModel());
+  useEffect(() => {
+    setInitialValues(model ?? initModel());
+  }, [model]);
+
+  const handleFormChange = (_: unknown, fields: AccessEditFormWebhookConfigModelType) => {
+    onModelChange?.(fields);
+  };
+
+  return (
+    <Form form={form} disabled={loading || disabled} initialValues={initialValues} layout="vertical" name={formName} onValuesChange={handleFormChange}>
+      <Form.Item name="url" label={t("access.form.webhook_url.label")} rules={[formRule]}>
+        <Input placeholder={t("access.form.webhook_url.placeholder")} />
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default AccessEditFormWebhookConfig;
--- a/ui/src/components/access/AccessEditModal.tsx
+++ b/ui/src/components/access/AccessEditModal.tsx
@ -0,0 +1,117 @@
+import { cloneElement, useMemo, useRef, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { useControllableValue } from "ahooks";
+import { Modal, notification } from "antd";
+
+import { type AccessModel } from "@/domain/access";
+import { useAccessStore } from "@/stores/access";
+import { getErrMsg } from "@/utils/error";
+import AccessEditForm, { type AccessEditFormInstance, type AccessEditFormProps } from "./AccessEditForm";
+
+export type AccessEditModalProps = {
+  data?: AccessEditFormProps["model"];
+  loading?: boolean;
+  mode: AccessEditFormProps["mode"];
+  open?: boolean;
+  trigger?: React.ReactElement;
+  onOpenChange?: (open: boolean) => void;
+};
+
+const AccessEditModal = ({ data, loading, mode, trigger, ...props }: AccessEditModalProps) => {
+  const { t } = useTranslation();
+
+  const [notificationApi, NotificationContextHolder] = notification.useNotification();
+
+  const { createAccess, updateAccess } = useAccessStore();
+
+  const [open, setOpen] = useControllableValue<boolean>(props, {
+    valuePropName: "open",
+    defaultValuePropName: "defaultOpen",
+    trigger: "onOpenChange",
+  });
+
+  const triggerEl = useMemo(() => {
+    if (!trigger) {
+      return null;
+    }
+
+    return cloneElement(trigger, {
+      ...trigger.props,
+      onClick: () => {
+        setOpen(true);
+        trigger.props?.onClick?.();
+      },
+    });
+  }, [trigger, setOpen]);
+
+  const formRef = useRef<AccessEditFormInstance>(null);
+  const [formPending, setFormPending] = useState(false);
+
+  const handleClickOk = async () => {
+    setFormPending(true);
+    try {
+      await formRef.current!.validateFields();
+    } catch (err) {
+      setFormPending(false);
+      return Promise.reject();
+    }
+
+    try {
+      if (mode === "add") {
+        if (data?.id) {
+          throw "Invalid props: `data`";
+        }
+
+        await createAccess(formRef.current!.getFieldsValue() as AccessModel);
+      } else if (mode === "edit") {
+        if (!data?.id) {
+          throw "Invalid props: `data`";
+        }
+
+        await updateAccess({ ...data, ...formRef.current!.getFieldsValue() } as AccessModel);
+      }
+
+      setOpen(false);
+    } catch (err) {
+      notificationApi.error({ message: t("common.text.request_error"), description: getErrMsg(err) });
+
+      throw err;
+    } finally {
+      setFormPending(false);
+    }
+  };
+
+  const handleClickCancel = () => {
+    if (formPending) return Promise.reject();
+
+    setOpen(false);
+  };
+
+  return (
+    <>
+      {NotificationContextHolder}
+
+      {triggerEl}
+
+      <Modal
+        afterClose={() => setOpen(false)}
+        cancelButtonProps={{ disabled: formPending }}
+        closable
+        confirmLoading={formPending}
+        destroyOnClose
+        loading={loading}
+        okText={mode === "edit" ? t("common.button.save") : t("common.button.submit")}
+        open={open}
+        title={t(`access.action.${mode}`)}
+        onOk={handleClickOk}
+        onCancel={handleClickCancel}
+      >
+        <div className="pt-4 pb-2">
+          <AccessEditForm ref={formRef} mode={mode === "add" ? "add" : "edit"} model={data} />
+        </div>
+      </Modal>
+    </>
+  );
+};
+
+export default AccessEditModal;
--- a/ui/src/components/access/AccessSelect.tsx
+++ b/ui/src/components/access/AccessSelect.tsx
@ -0,0 +1,76 @@
+import { useEffect, useState } from "react";
+import { Avatar, Select, Space, Typography, type SelectProps } from "antd";
+
+import { accessProvidersMap, type AccessModel } from "@/domain/access";
+import { useAccessStore } from "@/stores/access";
+
+export type AccessTypeSelectProps = Omit<
+  SelectProps,
+  "filterOption" | "filterSort" | "labelRender" | "loading" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
+> & {
+  filter?: (record: AccessModel) => boolean;
+};
+
+const AccessSelect = ({ filter, ...props }: AccessTypeSelectProps) => {
+  const { initialized, accesses, fetchAccesses } = useAccessStore();
+  useEffect(() => {
+    fetchAccesses();
+  }, [fetchAccesses]);
+
+  const [options, setOptions] = useState<Array<{ key: string; value: string; label: string; data: AccessModel }>>([]);
+  useEffect(() => {
+    const items = filter != null ? accesses.filter(filter) : accesses;
+    setOptions(
+      items.map((item) => ({
+        key: item.id,
+        value: item.id,
+        label: item.name,
+        data: item,
+      }))
+    );
+  }, [accesses, filter]);
+
+  const renderOption = (key: string) => {
+    const access = accesses.find((e) => e.id === key);
+    if (!access) {
+      return (
+        <Space className="flex-grow max-w-full truncate" size={4}>
+          <Avatar size="small" />
+          <Typography.Text className="leading-loose" ellipsis>
+            {key}
+          </Typography.Text>
+        </Space>
+      );
+    }
+
+    const provider = accessProvidersMap.get(access.configType);
+    return (
+      <Space className="flex-grow max-w-full truncate" size={4}>
+        <Avatar src={provider?.icon} size="small" />
+        <Typography.Text className="leading-loose" ellipsis>
+          {access.name}
+        </Typography.Text>
+      </Space>
+    );
+  };
+
+  return (
+    <Select
+      {...props}
+      labelRender={({ label, value }) => {
+        if (label) {
+          return renderOption(value as string);
+        }
+
+        return <Typography.Text type="secondary">{props.placeholder}</Typography.Text>;
+      }}
+      loading={!initialized}
+      options={options}
+      optionFilterProp="label"
+      optionLabelProp={undefined}
+      optionRender={(option) => renderOption(option.data.value)}
+    />
+  );
+};
+
+export default AccessSelect;
--- a/ui/src/components/access/AccessTypeSelect.tsx
+++ b/ui/src/components/access/AccessTypeSelect.tsx
@ -0,0 +1,71 @@
+import { memo } from "react";
+import { useTranslation } from "react-i18next";
+import { Avatar, Select, Space, Tag, Typography, type SelectProps } from "antd";
+
+import { ACCESS_PROVIDER_USAGES, accessProvidersMap } from "@/domain/access";
+
+export type AccessTypeSelectProps = Omit<
+  SelectProps,
+  "filterOption" | "filterSort" | "labelRender" | "options" | "optionFilterProp" | "optionLabelProp" | "optionRender"
+>;
+
+const AccessTypeSelect = memo((props: AccessTypeSelectProps) => {
+  const { t } = useTranslation();
+
+  const options = Array.from(accessProvidersMap.values()).map((item) => ({
+    key: item.type,
+    value: item.type,
+    label: t(item.name),
+  }));
+
+  const renderOption = (key: string) => {
+    const provider = accessProvidersMap.get(key);
+    return (
+      <div className="flex items-center justify-between gap-4 max-w-full overflow-hidden">
+        <Space className="flex-grow max-w-full truncate" size={4}>
+          <Avatar src={provider?.icon} size="small" />
+          <Typography.Text className="leading-loose" ellipsis>
+            {t(provider?.name ?? "")}
+          </Typography.Text>
+        </Space>
+        <div>
+          {provider?.usage === ACCESS_PROVIDER_USAGES.APPLY && (
+            <>
+              <Tag color="orange">{t("access.props.provider.usage.dns")}</Tag>
+            </>
+          )}
+          {provider?.usage === ACCESS_PROVIDER_USAGES.DEPLOY && (
+            <>
+              <Tag color="blue">{t("access.props.provider.usage.host")}</Tag>
+            </>
+          )}
+          {provider?.usage === ACCESS_PROVIDER_USAGES.ALL && (
+            <>
+              <Tag color="orange">{t("access.props.provider.usage.dns")}</Tag>
+              <Tag color="blue">{t("access.props.provider.usage.host")}</Tag>
+            </>
+          )}
+        </div>
+      </div>
+    );
+  };
+
+  return (
+    <Select
+      {...props}
+      labelRender={({ label, value }) => {
+        if (label) {
+          return renderOption(value as string);
+        }
+
+        return <Typography.Text type="secondary">{props.placeholder}</Typography.Text>;
+      }}
+      options={options}
+      optionFilterProp={undefined}
+      optionLabelProp={undefined}
+      optionRender={(option) => renderOption(option.data.value)}
+    />
+  );
+});
+
+export default AccessTypeSelect;
--- a/ui/src/components/certificate/CertificateDetail.tsx
+++ b/ui/src/components/certificate/CertificateDetail.tsx
@ -2,15 +2,18 @@ import { useTranslation } from "react-i18next";
 import { Button, Dropdown, Form, Input, message, Space, Tooltip } from "antd";
 import { CopyToClipboard } from "react-copy-to-clipboard";
 import { ChevronDown as ChevronDownIcon, Clipboard as ClipboardIcon, ThumbsUp as ThumbsUpIcon } from "lucide-react";
+import dayjs from "dayjs";

 import { type CertificateModel } from "@/domain/certificate";
 import { saveFiles2Zip } from "@/utils/file";

-type CertificateDetailProps = {
+export type CertificateDetailProps = {
+  className?: string;
+  style?: React.CSSProperties;
  data: CertificateModel;
 };

-const CertificateDetail = ({ data }: CertificateDetailProps) => {
+const CertificateDetail = ({ data, ...props }: CertificateDetailProps) => {
  const { t } = useTranslation();

  const [messageApi, MessageContextHolder] = message.useMessage();
@ -32,10 +35,14 @@ const CertificateDetail = ({ data }: CertificateDetailProps) => {
  };

  return (
-    <div>
+    <div {...props}>
      {MessageContextHolder}

      <Form layout="vertical">
+        <Form.Item label={t("certificate.props.san")}>{data.san}</Form.Item>
+
+        <Form.Item label={t("certificate.props.expiry")}>{dayjs(data.expireAt).format("YYYY-MM-DD HH:mm:ss")}</Form.Item>
+
        <Form.Item>
          <div className="flex items-center justify-between w-full mb-2">
            <label className="font-medium">{t("certificate.props.certificate_chain")}</label>
--- a/ui/src/components/certificate/CertificateDetailDrawer.tsx
+++ b/ui/src/components/certificate/CertificateDetailDrawer.tsx
@ -1,25 +1,47 @@
-import { useEffect, useState } from "react";
+import { cloneElement, useMemo } from "react";
+import { useControllableValue } from "ahooks";
 import { Drawer } from "antd";

 import { type CertificateModel } from "@/domain/certificate";
 import CertificateDetail from "./CertificateDetail";

-type CertificateDetailDrawerProps = {
+export type CertificateDetailDrawerProps = {
  data?: CertificateModel;
+  loading?: boolean;
  open?: boolean;
-  onClose?: () => void;
+  trigger?: React.ReactElement;
+  onOpenChange?: (open: boolean) => void;
 };

-const CertificateDetailDrawer = ({ data, open, onClose }: CertificateDetailDrawerProps) => {
-  const [loading, setLoading] = useState(true);
-  useEffect(() => {
-    setLoading(data == null);
-  }, [data]);
+const CertificateDetailDrawer = ({ data, loading, trigger, ...props }: CertificateDetailDrawerProps) => {
+  const [open, setOpen] = useControllableValue<boolean>(props, {
+    valuePropName: "open",
+    defaultValuePropName: "defaultOpen",
+    trigger: "onOpenChange",
+  });
+
+  const triggerEl = useMemo(() => {
+    if (!trigger) {
+      return null;
+    }
+
+    return cloneElement(trigger, {
+      ...trigger.props,
+      onClick: () => {
+        setOpen(true);
+        trigger.props?.onClick?.();
+      },
+    });
+  }, [trigger, setOpen]);

  return (
-    <Drawer closable destroyOnClose open={open} loading={loading} placement="right" width={480} onClose={onClose}>
+    <>
+      {triggerEl}
+
+      <Drawer closable destroyOnClose open={open} loading={loading} placement="right" width={480} onClose={() => setOpen(false)}>
        {data ? <CertificateDetail data={data} /> : <></>}
      </Drawer>
+    </>
  );
 };

--- a/ui/src/components/certimate/AccessAliyunForm.tsx
+++ b/ui/src/components/certimate/AccessAliyunForm.tsx
@ -1,197 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type AliyunConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessAliyunFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessAliyunForm = ({ data, op, onAfterReq }: AccessAliyunFormProps) => {
-  const { t } = useTranslation();
-
-  const { createAccess, updateAccess } = useAccessStore();
-
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    accessKeyId: z
-      .string()
-      .min(1, "access.authorization.form.access_key_id.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    accessSecretId: z
-      .string()
-      .min(1, "access.authorization.form.access_key_secret.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: AliyunConfig = {
-    accessKeyId: "",
-    accessKeySecret: "",
-  };
-  if (data) config = data.config as AliyunConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "aliyun",
-      accessKeyId: config.accessKeyId,
-      accessSecretId: config.accessKeySecret,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        accessKeyId: data.accessKeyId,
-        accessKeySecret: data.accessSecretId,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKeyId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessSecretId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key_secret.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key_secret.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessAliyunForm;
--- a/ui/src/components/certimate/AccessAwsForm.tsx
+++ b/ui/src/components/certimate/AccessAwsForm.tsx
@ -1,241 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Input } from "@/components/ui/input";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Button } from "@/components/ui/button";
-import { PbErrorData } from "@/domain/base";
-import { AccessModel, accessProvidersMap, accessTypeFormSchema, type AwsConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessAwsFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessAwsForm = ({ data, op, onAfterReq }: AccessAwsFormProps) => {
-  const { t } = useTranslation();
-
-  const { createAccess, updateAccess } = useAccessStore();
-
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    region: z
-      .string()
-      .min(1, "access.authorization.form.region.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    accessKeyId: z
-      .string()
-      .min(1, "access.authorization.form.access_key_id.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    secretAccessKey: z
-      .string()
-      .min(1, "access.authorization.form.secret_access_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    hostedZoneId: z
-      .string()
-      .min(0, "access.authorization.form.aws_hosted_zone_id.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: AwsConfig = {
-    region: "cn-north-1",
-    accessKeyId: "",
-    secretAccessKey: "",
-    hostedZoneId: "",
-  };
-  if (data) config = data.config as AwsConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "aws",
-      region: config.region,
-      accessKeyId: config.accessKeyId,
-      secretAccessKey: config.secretAccessKey,
-      hostedZoneId: config.hostedZoneId,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        region: data.region,
-        accessKeyId: data.accessKeyId,
-        secretAccessKey: data.secretAccessKey,
-        hostedZoneId: data.hostedZoneId,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="region"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.region.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.region.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKeyId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="secretAccessKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.secret_access_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.secret_access_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="hostedZoneId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.aws_hosted_zone_id.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.aws_hosted_zone_id.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessAwsForm;
--- a/ui/src/components/certimate/AccessBaiduCloudForm.tsx
+++ b/ui/src/components/certimate/AccessBaiduCloudForm.tsx
@ -1,197 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Input } from "@/components/ui/input";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Button } from "@/components/ui/button";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type BaiduCloudConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessBaiduCloudFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessBaiduCloudForm = ({ data, op, onAfterReq }: AccessBaiduCloudFormProps) => {
-  const { t } = useTranslation();
-
-  const { createAccess, updateAccess } = useAccessStore();
-
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    accessKeyId: z
-      .string()
-      .min(1, "access.authorization.form.access_key_id.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    secretAccessKey: z
-      .string()
-      .min(1, "access.authorization.form.secret_access_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: BaiduCloudConfig = {
-    accessKeyId: "",
-    secretAccessKey: "",
-  };
-  if (data) config = data.config as BaiduCloudConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "baiducloud",
-      accessKeyId: config.accessKeyId,
-      secretAccessKey: config.secretAccessKey,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        accessKeyId: data.accessKeyId,
-        secretAccessKey: data.secretAccessKey,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKeyId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="secretAccessKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.secret_access_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.secret_access_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessBaiduCloudForm;
--- a/ui/src/components/certimate/AccessByteplusForm.tsx
+++ b/ui/src/components/certimate/AccessByteplusForm.tsx
@ -1,194 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Input } from "@/components/ui/input";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Button } from "@/components/ui/button";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type ByteplusConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessByteplusFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessByteplusForm = ({ data, op, onAfterReq }: AccessByteplusFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    accessKey: z
-      .string()
-      .min(1, "access.authorization.form.access_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    secretKey: z
-      .string()
-      .min(1, "access.authorization.form.secret_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: ByteplusConfig = {
-    accessKey: "",
-    secretKey: "",
-  };
-  if (data) config = data.config as ByteplusConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "byteplus",
-      accessKey: config.accessKey,
-      secretKey: config.secretKey,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        accessKey: data.accessKey,
-        secretKey: data.secretKey,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="secretKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.secret_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.secret_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessByteplusForm;
--- a/ui/src/components/certimate/AccessCloudflareForm.tsx
+++ b/ui/src/components/certimate/AccessCloudflareForm.tsx
@ -1,168 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type CloudflareConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessCloudflareFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessCloudflareForm = ({ data, op, onAfterReq }: AccessCloudflareFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    dnsApiToken: z
-      .string()
-      .min(1, "access.authorization.form.cloud_dns_api_token.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: CloudflareConfig = {
-    dnsApiToken: "",
-  };
-  if (data) config = data.config as CloudflareConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "cloudflare",
-      dnsApiToken: config.dnsApiToken,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        dnsApiToken: data.dnsApiToken,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="dnsApiToken"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.cloud_dns_api_token.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.cloud_dns_api_token.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessCloudflareForm;
--- a/ui/src/components/certimate/AccessDogeCloudForm.tsx
+++ b/ui/src/components/certimate/AccessDogeCloudForm.tsx
@ -1,188 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type DogeCloudConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessDogeCloudFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessDogeCloudForm = ({ data, op, onAfterReq }: AccessDogeCloudFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    accessKey: z.string().min(1, "access.authorization.form.access_key.placeholder").max(64),
-    secretKey: z.string().min(1, "access.authorization.form.secret_key.placeholder").max(64),
-  });
-
-  let config: DogeCloudConfig = {
-    accessKey: "",
-    secretKey: "",
-  };
-  if (data) config = data.config as DogeCloudConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "dogecloud",
-      accessKey: config.accessKey,
-      secretKey: config.secretKey,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        accessKey: data.accessKey,
-        secretKey: data.secretKey,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="secretKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.secret_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.secret_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessDogeCloudForm;
--- a/ui/src/components/certimate/AccessEditDialog.tsx
+++ b/ui/src/components/certimate/AccessEditDialog.tsx
@ -1,306 +0,0 @@
-import { useEffect, useState } from "react";
-import { useTranslation } from "react-i18next";
-
-import { cn } from "@/components/ui/utils";
-import { Dialog, DialogContent, DialogHeader, DialogTitle, DialogTrigger } from "@/components/ui/dialog";
-import { Label } from "@/components/ui/label";
-import { ScrollArea } from "@/components/ui/scroll-area";
-import AccessAliyunForm from "./AccessAliyunForm";
-import AccessTencentForm from "./AccessTencentForm";
-import AccessHuaweiCloudForm from "./AccessHuaweicloudForm";
-import AccessBaiduCloudForm from "./AccessBaiduCloudForm";
-import AccessQiniuForm from "./AccessQiniuForm";
-import AccessDogeCloudForm from "./AccessDogeCloudForm";
-import AccessAwsForm from "./AccessAwsForm";
-import AccessCloudflareForm from "./AccessCloudflareForm";
-import AccessNamesiloForm from "./AccessNamesiloForm";
-import AccessGodaddyForm from "./AccessGodaddyForm";
-import AccessPdnsForm from "./AccessPdnsForm";
-import AccessHttpreqForm from "./AccessHttpreqForm";
-import AccessLocalForm from "./AccessLocalForm";
-import AccessSSHForm from "./AccessSSHForm";
-import AccessWebhookForm from "./AccessWebhookForm";
-import AccessKubernetesForm from "./AccessKubernetesForm";
-import AccessVolcengineForm from "./AccessVolcengineForm";
-import AccessByteplusForm from "./AccessByteplusForm";
-import { AccessModel } from "@/domain/access";
-import { AccessTypeSelect } from "./AccessTypeSelect";
-
-type AccessEditProps = {
-  op: "add" | "edit" | "copy";
-  className?: string;
-  trigger: React.ReactNode;
-  data?: AccessModel;
-  outConfigType?: string;
-};
-
-const AccessEditDialog = ({ trigger, op, data, className, outConfigType }: AccessEditProps) => {
-  const { t } = useTranslation();
-
-  const [open, setOpen] = useState(false);
-
-  const [configType, setConfigType] = useState(data?.configType || "");
-
-  useEffect(() => {
-    if (outConfigType) {
-      setConfigType(outConfigType);
-    }
-  }, [outConfigType]);
-
-  let childComponent = <> </>;
-  switch (configType) {
-    case "aliyun":
-      childComponent = (
-        <AccessAliyunForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "tencent":
-      childComponent = (
-        <AccessTencentForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "huaweicloud":
-      childComponent = (
-        <AccessHuaweiCloudForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "baiducloud":
-      childComponent = (
-        <AccessBaiduCloudForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "qiniu":
-      childComponent = (
-        <AccessQiniuForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "dogecloud":
-      childComponent = (
-        <AccessDogeCloudForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "aws":
-      childComponent = (
-        <AccessAwsForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "cloudflare":
-      childComponent = (
-        <AccessCloudflareForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "namesilo":
-      childComponent = (
-        <AccessNamesiloForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "godaddy":
-      childComponent = (
-        <AccessGodaddyForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "pdns":
-      childComponent = (
-        <AccessPdnsForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "httpreq":
-      childComponent = (
-        <AccessHttpreqForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "local":
-      childComponent = (
-        <AccessLocalForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "ssh":
-      childComponent = (
-        <AccessSSHForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "webhook":
-      childComponent = (
-        <AccessWebhookForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "k8s":
-      childComponent = (
-        <AccessKubernetesForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "volcengine":
-      childComponent = (
-        <AccessVolcengineForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-    case "byteplus":
-      childComponent = (
-        <AccessByteplusForm
-          data={data}
-          op={op}
-          onAfterReq={() => {
-            setOpen(false);
-          }}
-        />
-      );
-      break;
-  }
-
-  return (
-    <Dialog
-      onOpenChange={(openState) => {
-        if (openState) {
-          document.body.style.pointerEvents = "auto";
-        }
-        setOpen(openState);
-      }}
-      open={open}
-      modal={false}
-    >
-      <DialogTrigger asChild className={cn(className)}>
-        {trigger}
-      </DialogTrigger>
-      <DialogContent
-        className="sm:max-w-[600px] w-full dark:text-stone-200"
-        onInteractOutside={(event) => {
-          event.preventDefault();
-        }}
-      >
-        <DialogHeader>
-          <DialogTitle>
-            {
-              {
-                ["add"]: t("access.action.add"),
-                ["edit"]: t("access.action.edit"),
-                ["copy"]: t("access.action.copy"),
-              }[op]
-            }
-          </DialogTitle>
-        </DialogHeader>
-        <ScrollArea className="max-h-[80vh]">
-          <div className="container py-3">
-            <div>
-              <Label>{t("access.authorization.form.type.label")}</Label>
-              <AccessTypeSelect
-                value={configType}
-                onChange={(val) => {
-                  setConfigType(val);
-                }}
-                className="w-full mt-3"
-                placeholder={t("access.authorization.form.type.placeholder")}
-                searchPlaceholder={t("access.authorization.form.type.search.placeholder")}
-              />
-            </div>
-
-            <div className="mt-8">{childComponent}</div>
-          </div>
-        </ScrollArea>
-      </DialogContent>
-    </Dialog>
-  );
-};
-
-export default AccessEditDialog;
--- a/ui/src/components/certimate/AccessGodaddyForm.tsx
+++ b/ui/src/components/certimate/AccessGodaddyForm.tsx
@ -1,190 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Input } from "@/components/ui/input";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type GodaddyConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessGodaddyFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessGodaddyForm = ({ data, op, onAfterReq }: AccessGodaddyFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    apiKey: z
-      .string()
-      .min(1, "access.authorization.form.godaddy_api_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    apiSecret: z
-      .string()
-      .min(1, "access.authorization.form.godaddy_api_secret.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: GodaddyConfig = {
-    apiKey: "",
-    apiSecret: "",
-  };
-  if (data) config = data.config as GodaddyConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "godaddy",
-      apiKey: config.apiKey,
-      apiSecret: config.apiSecret,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        apiKey: data.apiKey,
-        apiSecret: data.apiSecret,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="apiKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.godaddy_api_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.godaddy_api_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="apiSecret"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.godaddy_api_secret.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.godaddy_api_secret.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessGodaddyForm;
--- a/ui/src/components/certimate/AccessHttpreqForm.tsx
+++ b/ui/src/components/certimate/AccessHttpreqForm.tsx
@ -1,233 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type HttpreqConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessHttpreqFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessHttpreqForm = ({ data, op, onAfterReq }: AccessHttpreqFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    endpoint: z.string().url("common.errmsg.url_invalid"),
-    mode: z.enum(["RAW", ""]),
-    username: z
-      .string()
-      .min(1, "access.authorization.form.access_key_secret.placeholder")
-      .max(128, t("common.errmsg.string_max", { max: 128 })),
-    password: z
-      .string()
-      .min(1, "access.authorization.form.access_key_secret.placeholder")
-      .max(128, t("common.errmsg.string_max", { max: 128 })),
-  });
-
-  let config: HttpreqConfig = {
-    endpoint: "",
-    mode: "",
-    username: "",
-    password: "",
-  };
-  if (data) config = data.config as HttpreqConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "httpreq",
-      endpoint: config.endpoint,
-      mode: config.mode === "RAW" ? "RAW" : "",
-      username: config.username,
-      password: config.password,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        endpoint: data.endpoint,
-        mode: data.mode,
-        username: data.username,
-        password: data.password,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="endpoint"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.httpreq_endpoint.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.httpreq_endpoint.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="mode"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.httpreq_mode.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.httpreq_mode.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="username"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.username.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.username.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="password"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.password.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.password.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessHttpreqForm;
--- a/ui/src/components/certimate/AccessHuaweicloudForm.tsx
+++ b/ui/src/components/certimate/AccessHuaweicloudForm.tsx
@ -1,216 +0,0 @@
-import { useForm } from "react-hook-form";
-import { useTranslation } from "react-i18next";
-import z from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Input } from "@/components/ui/input";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Button } from "@/components/ui/button";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type HuaweiCloudConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessHuaweiCloudFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessHuaweiCloudForm = ({ data, op, onAfterReq }: AccessHuaweiCloudFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-  const { t } = useTranslation();
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    region: z
-      .string()
-      .min(1, "access.authorization.form.region.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    accessKeyId: z
-      .string()
-      .min(1, "access.authorization.form.access_key_id.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    secretAccessKey: z
-      .string()
-      .min(1, "access.authorization.form.secret_access_key.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-  });
-
-  let config: HuaweiCloudConfig = {
-    region: "cn-north-1",
-    accessKeyId: "",
-    secretAccessKey: "",
-  };
-  if (data) config = data.config as HuaweiCloudConfig;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "huaweicloud",
-      region: config.region,
-      accessKeyId: config.accessKeyId,
-      secretAccessKey: config.secretAccessKey,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        region: data.region,
-        accessKeyId: data.accessKeyId,
-        secretAccessKey: data.secretAccessKey,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-        return;
-      }
-      createAccess(req);
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="id"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="configType"
-            render={({ field }) => (
-              <FormItem className="hidden">
-                <FormLabel>{t("access.authorization.form.config.label")}</FormLabel>
-                <FormControl>
-                  <Input {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="region"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.region.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.region.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="accessKeyId"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.access_key_id.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.access_key_id.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="secretAccessKey"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.secret_access_key.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.secret_access_key.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessHuaweiCloudForm;
--- a/ui/src/components/certimate/AccessKubernetesForm.tsx
+++ b/ui/src/components/certimate/AccessKubernetesForm.tsx
@ -1,193 +0,0 @@
-import { useRef, useState } from "react";
-import { useTranslation } from "react-i18next";
-import { useForm } from "react-hook-form";
-import { z } from "zod";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { ClientResponseError } from "pocketbase";
-
-import { Button } from "@/components/ui/button";
-import { Form, FormControl, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { readFileContent } from "@/utils/file";
-import { PbErrorData } from "@/domain/base";
-import { accessProvidersMap, accessTypeFormSchema, type AccessModel, type KubernetesConfig } from "@/domain/access";
-import { save } from "@/repository/access";
-import { useAccessStore } from "@/stores/access";
-
-type AccessKubernetesFormProps = {
-  op: "add" | "edit" | "copy";
-  data?: AccessModel;
-  onAfterReq: () => void;
-};
-
-const AccessKubernetesForm = ({ data, op, onAfterReq }: AccessKubernetesFormProps) => {
-  const { createAccess, updateAccess } = useAccessStore();
-
-  const fileInputRef = useRef<HTMLInputElement | null>(null);
-  const [fileName, setFileName] = useState("");
-
-  const { t } = useTranslation();
-
-  const formSchema = z.object({
-    id: z.string().optional(),
-    name: z
-      .string()
-      .min(1, "access.authorization.form.name.placeholder")
-      .max(64, t("common.errmsg.string_max", { max: 64 })),
-    configType: accessTypeFormSchema,
-    kubeConfig: z
-      .string()
-      .min(0, "access.authorization.form.k8s_kubeconfig.placeholder")
-      .max(20480, t("common.errmsg.string_max", { max: 20480 })),
-    kubeConfigFile: z.any().optional(),
-  });
-
-  let config: KubernetesConfig & { kubeConfigFile?: string } = {
-    kubeConfig: "",
-    kubeConfigFile: "",
-  };
-  if (data) config = data.config as typeof config;
-
-  const form = useForm<z.infer<typeof formSchema>>({
-    resolver: zodResolver(formSchema),
-    defaultValues: {
-      id: data?.id,
-      name: data?.name || "",
-      configType: "k8s",
-      kubeConfig: config.kubeConfig,
-      kubeConfigFile: config.kubeConfigFile,
-    },
-  });
-
-  const onSubmit = async (data: z.infer<typeof formSchema>) => {
-    const req: AccessModel = {
-      id: data.id as string,
-      name: data.name,
-      configType: data.configType,
-      usage: accessProvidersMap.get(data.configType)!.usage,
-      config: {
-        kubeConfig: data.kubeConfig,
-      },
-    };
-
-    try {
-      req.id = op == "copy" ? "" : req.id;
-      const rs = await save(req);
-
-      onAfterReq();
-
-      req.id = rs.id;
-      req.created = rs.created;
-      req.updated = rs.updated;
-      if (data.id && op == "edit") {
-        updateAccess(req);
-      } else {
-        createAccess(req);
-      }
-    } catch (e) {
-      const err = e as ClientResponseError;
-
-      Object.entries(err.response.data as PbErrorData).forEach(([key, value]) => {
-        form.setError(key as keyof z.infer<typeof formSchema>, {
-          type: "manual",
-          message: value.message,
-        });
-      });
-
-      return;
-    }
-  };
-
-  const handleFileChange = async (event: React.ChangeEvent<HTMLInputElement>) => {
-    const file = event.target.files?.[0];
-    if (!file) return;
-    const savedFile = file;
-    setFileName(savedFile.name);
-    const content = await readFileContent(savedFile);
-    form.setValue("kubeConfig", content);
-  };
-
-  const handleSelectFileClick = () => {
-    fileInputRef.current?.click();
-  };
-
-  return (
-    <>
-      <Form {...form}>
-        <form
-          onSubmit={(e) => {
-            e.stopPropagation();
-            form.handleSubmit(onSubmit)(e);
-          }}
-          className="space-y-8"
-        >
-          <FormField
-            control={form.control}
-            name="name"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.name.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.name.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="kubeConfig"
-            render={({ field }) => (
-              <FormItem hidden>
-                <FormLabel>{t("access.authorization.form.k8s_kubeconfig.label")}</FormLabel>
-                <FormControl>
-                  <Input placeholder={t("access.authorization.form.k8s_kubeconfig.placeholder")} {...field} />
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormField
-            control={form.control}
-            name="kubeConfigFile"
-            render={({ field }) => (
-              <FormItem>
-                <FormLabel>{t("access.authorization.form.k8s_kubeconfig.label")}</FormLabel>
-                <FormControl>
-                  <div>
-                    <Button type={"button"} variant={"secondary"} size={"sm"} className="w-48" onClick={handleSelectFileClick}>
-                      {fileName ? fileName : t("access.authorization.form.k8s_kubeconfig_file.placeholder")}
-                    </Button>
-                    <Input
-                      placeholder={t("access.authorization.form.k8s_kubeconfig.placeholder")}
-                      {...field}
-                      ref={fileInputRef}
-                      className="hidden"
-                      hidden
-                      type="file"
-                      onChange={handleFileChange}
-                    />
-                  </div>
-                </FormControl>
-
-                <FormMessage />
-              </FormItem>
-            )}
-          />
-
-          <FormMessage />
-
-          <div className="flex justify-end">
-            <Button type="submit">{t("common.button.save")}</Button>
-          </div>
-        </form>
-      </Form>
-    </>
-  );
-};
-
-export default AccessKubernetesForm;
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				<svg viewBox="0 0 1113 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" width="200" height="200"><path d="M107.287 512.928c0-79.047-0.045-158.094 0.03-237.141 0.02-21.15 1.256-42.135 9.203-62.181 23.74-59.883 67.166-95.237 130.865-105.518 8.582-1.385 17.221-1.667 25.889-1.667 159.718 0.009 319.436-0.021 479.155 0.019 74.315 0.019 133.182 41.364 157.993 111.108 6.12 17.204 8.542 35.132 8.54 53.403-0.022 161.072 0.122 322.144-0.072 483.215-0.091 75.418-50.342 141.59-119.876 158.868-15.044 3.738-30.331 5.422-45.807 5.423-160.26 0.014-320.521 0.29-480.78-0.12-71.188-0.182-121.825-33.848-152.353-97.864-10.72-22.48-12.842-46.672-12.817-71.218 0.081-78.774 0.03-157.551 0.03-236.327z m283.66-4.813v136.454H254.062v138.583h138.402V645.64h138.004v137.437h138.576V644.705h137.443V505.977H668.339V367.658H530.496V229.98H391.685v138.154H254.216c-0.365 1.798-0.66 2.576-0.661 3.354-0.035 43.047 0.079 86.094-0.188 129.139-0.042 6.738 3.542 6.504 8.205 6.495 39.798-0.073 79.596-0.06 119.394-0.007 3.173 0.005 6.462-0.676 9.981 1z" fill="#4D70D4"></path></svg>
				`@ -1 +0,0 @@`
				<svg class="icon" viewBox="0 0 1113 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="18956" width="200" height="200"><path d="M107.287 512.928c0-79.047-0.045-158.094 0.03-237.141 0.02-21.15 1.256-42.135 9.203-62.181 23.74-59.883 67.166-95.237 130.865-105.518 8.582-1.385 17.221-1.667 25.889-1.667 159.718 0.009 319.436-0.021 479.155 0.019 74.315 0.019 133.182 41.364 157.993 111.108 6.12 17.204 8.542 35.132 8.54 53.403-0.022 161.072 0.122 322.144-0.072 483.215-0.091 75.418-50.342 141.59-119.876 158.868-15.044 3.738-30.331 5.422-45.807 5.423-160.26 0.014-320.521 0.29-480.78-0.12-71.188-0.182-121.825-33.848-152.353-97.864-10.72-22.48-12.842-46.672-12.817-71.218 0.081-78.774 0.03-157.551 0.03-236.327z m283.66-4.813v136.454H254.062v138.583h138.402V645.64h138.004v137.437h138.576V644.705h137.443V505.977H668.339V367.658H530.496V229.98H391.685v138.154H254.216c-0.365 1.798-0.66 2.576-0.661 3.354-0.035 43.047 0.079 86.094-0.188 129.139-0.042 6.738 3.542 6.504 8.205 6.495 39.798-0.073 79.596-0.06 119.394-0.007 3.173 0.005 6.462-0.676 9.981 1z" fill="#4D70D4" p-id="18957"></path></svg>