Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for mTLS CA and CRL chain #452

Closed
sebglon opened this issue Nov 10, 2023 · 4 comments · Fixed by #437
Closed

Add support for mTLS CA and CRL chain #452

sebglon opened this issue Nov 10, 2023 · 4 comments · Fixed by #437
Assignees
@benashz
Labels
enhancement New feature or request secret-transformation
Milestone
v0.5.0

Comments

@sebglon
Copy link
Contributor

sebglon commented Nov 10, 2023

Is your feature request related to a problem? Please describe.
With Nginx,we need a secret with the CA an CRL chain for mTLS certificates.
For now we use a ricoberge resources with custom templating; but we need to migrate all our resources to VSO.

Describe the solution you'd like
A possible solution is to have a new resources to cover this case.
Another solution is to add new arg on VaultPKISecret to provide to cover this case.

Describe alternatives you've considered
Alternative solution is to add templating on VaultStaticSecret to generate it.

Additional context
Add any other context or screenshots about the feature request here.

https://discuss.hashicorp.com/t/nginx-mtls-with-vault-secret-operator-how-to-manage-ca-cert-chain-and-crl/59474
@sebglon sebglon added the enhancement New feature or request label Nov 10, 2023
@sebglon
Copy link
Contributor Author

sebglon commented Nov 13, 2023

Maybe this PR can help: #437 ?

@benashz
Copy link
Collaborator

benashz commented Nov 14, 2023

Maybe this PR can help: #437 ?

@sebglon I suspect that you are correct. I think we will still need to extend VaultPKISecret to support fetching the CRL, if one is configured.

@benashz benashz added this to the v0.5.0 milestone Feb 1, 2024
@benashz benashz removed the templating label Feb 1, 2024
@benashz benashz self-assigned this Feb 6, 2024
@benashz benashz linked a pull request Feb 7, 2024 that will close this issue
Add support for secret data transformation #437
Merged
@benashz
Copy link
Collaborator

benashz commented Feb 7, 2024

Closed with #437

@benashz benashz closed this as completed Feb 7, 2024
@sebglon
Copy link
Contributor Author

sebglon commented Mar 15, 2024

This issue is always present because we need 4 path from 2 PKI to generate the secret

@sebglon sebglon mentioned this issue Mar 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@benashz benashz

Labels
enhancement New feature or request secret-transformation
Projects
None yet
Milestone
v0.5.0
Development

Successfully merging a pull request may close this issue.

Add support for secret data transformation hashicorp/vault-secrets-operator
2 participants
@sebglon @benashz