This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

Import PFX file into KVM volume #170

Open
mturzynski opened this issue Jan 21, 2020 · 0 comments
Labels
enhancement New feature or request

Comments

@mturzynski

Describe the request
I'd like the original PFX file to be imported into the KVM volume when the "secret" type is specified.

Explain why Key Vault FlexVolume needs it
The documentation says:

The AKV-secret provides a way to export the full X.509 certificate, including its private key (if its policy allows for private key exporting). Specifying secret in keyvaultobjecttypes will fetch the base64-encoded certificate bundle.

This is incompatible with existing solutions, as no app expects a BASE-64 encoded PFX file. I don't understand why the plain PFX file cannot be imported into the KVM volume. Is there any security reason?

Describe the solution you'd like
Perhaps adding a new keyvaultobjecttypes: pfx would do the job without introducing a breaking change.

Describe alternatives you've considered
For now I'd change the code of my app to decode the BASE64 file, but it's definitely not something I'd expect (changing the code to fit it into k8s).

Additional context
Actually I'm facing a lot of difficulties with fitting the project into k8s. The installation was simple and it's easy to use, but for instance I cannot use it with nginx, which supports loading certs only from secrets. Same for my existing apps, which expect to be configured via ENV variables (which I can populate from secrets, but can't populate from the KVM volume). I'd love KVM to behave more like a secret provider and to be more transparent (for instance allow me to download a plain .pfx file, without base64 encoding it). Fingers crossed for this project :)

@mturzynski mturzynski added the enhancement New feature or request label Jan 21, 2020
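
The workaround mentioned in the issue (decoding the base64 bundle before the application reads it), as an added example that is not part of the original issue or the project's code. It assumes the mounted file holds only the base64 text; the function names and the paths in the final comment are hypothetical. Because the bundle contains the private key, the decoded file is written atomically with mode 0600.

```python
import base64
import binascii
import os
import tempfile


def looks_like_pfx(data: bytes) -> bool:
    """Cheap structural check: PFX ::= SEQUENCE { version INTEGER (3), ... } (RFC 7292)."""
    if len(data) < 5 or data[0] != 0x30:          # outer tag must be SEQUENCE
        return False
    # Skip the length field: one byte, plus N extra bytes when the high bit is set.
    body = 2 + ((data[1] & 0x7F) if data[1] & 0x80 else 0)
    return data[body:body + 3] == b"\x02\x01\x03"  # INTEGER, length 1, value 3


def decode_bundle(src_path: str, dst_path: str) -> int:
    """Decode a base64 PFX bundle to a binary .pfx file; return bytes written."""
    with open(src_path, "rb") as f:
        text = b"".join(f.read().split())         # tolerate line wraps / trailing newline
    try:
        pfx = base64.b64decode(text, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"{src_path} is not valid base64") from exc
    if not looks_like_pfx(pfx):
        raise ValueError(f"{src_path} does not decode to a PKCS#12 structure")

    # mkstemp creates the file with mode 0600, so the private key is never
    # readable by other users; os.replace makes the final file appear atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dst_path) or ".")
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(pfx)
        os.replace(tmp, dst_path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(pfx)


# Hypothetical usage, e.g. from an init container or entrypoint script:
# decode_bundle("/mnt/keyvault/mycert", "/run/certs/mycert.pfx")
```

The structural check only rejects obviously wrong input (for example a PEM file or an empty mount); it does not verify the bundle's integrity or password.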