Don't set TTL for server certs when using Vault #1104

Merged
ishustava merged 3 commits into main from ishustava/vault-server-tls-no-ttl
Mar 25, 2022

Contributor

@ishustava ishustava commented Mar 16, 2022

Changes proposed in this PR:

  • When using vault secrets backend, don't set TTL for server certs explicitly so that they don't expire too early. This should be controlled via the PKI role rather than hard-coded in the template so that the users can control the TTL that is suitable for them.

How I've tested this PR:
unit tests

How I expect reviewers to test this PR:
👀

Checklist:

  • Tests added
  • CHANGELOG entry added

    HashiCorp engineers only, community PRs should not add a changelog entry.
    Entries should use present tense (e.g. Add support for...)

@ishustava ishustava added the type/bug Something isn't working label Mar 16, 2022
@ishustava ishustava requested review from a team, curtbushko and jmurret and removed request for a team March 16, 2022 21:59
Member

@jmurret jmurret left a comment

Sorry I just saw this. Nice work!

@ishustava ishustava merged commit 004530d into main Mar 25, 2022
@ishustava ishustava deleted the ishustava/vault-server-tls-no-ttl branch March 25, 2022 21:40
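
A check for the condition this PR removes, added here as an illustration and not taken from the PR or the project's code: it scans rendered Vault Agent / consul-template text for `secret` calls on a PKI issue or sign path that pin `ttl=`, which overrides the lifetime the PKI role would otherwise set. The mount and role names and the template strings are constructed sample input.

```python
import re

# A consul-template / Vault Agent call: secret "<path>" "key=value" ...
SECRET_CALL = re.compile(r'\bsecret\s+((?:"[^"]*"\s*)+)')
QUOTED = re.compile(r'"([^"]*)"')
# Certificate issuance endpoints: <mount>/issue/<role> or <mount>/sign/<role>
PKI_PATH = re.compile(r'/(issue|sign)/[^/]+$')


def hardcoded_pki_ttls(template: str):
    """Return [(path, ttl)] for every PKI request that pins a TTL."""
    findings = []
    for call in SECRET_CALL.finditer(template):
        path, *params = QUOTED.findall(call.group(1))
        if not PKI_PATH.search(path):
            continue  # not a certificate request (e.g. a KV read)
        for param in params:
            key, _, value = param.partition("=")
            if key.strip().lower() == "ttl":
                findings.append((path, value.strip()))
    return findings


# Constructed samples; "pki" and "consul-server" are hypothetical names.
PINNED_TTL = '''{{- with secret "pki/issue/consul-server" "common_name=server.dc1.consul" "ttl=1h" -}}
{{ .Data.certificate }}
{{- end -}}'''

ROLE_CONTROLLED = '''{{- with secret "pki/issue/consul-server" "common_name=server.dc1.consul" -}}
{{ .Data.certificate }}
{{- end -}}'''

KV_READ = '{{ with secret "secret/data/consul/gossip" }}{{ .Data.data.key }}{{ end }}'

if __name__ == "__main__":
    for name, tpl in [("pinned", PINNED_TTL), ("role", ROLE_CONTROLLED), ("kv", KV_READ)]:
        print(name, hardcoded_pki_ttls(tpl))
```

With no `ttl` parameter in the request, the certificate lifetime is decided by the PKI role's own TTL settings, which is where the PR description says it should be controlled.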
3 participants