This repository has been archived by the owner on Oct 12, 2023. It is now read-only.

What's the format of exported Key? #188

Open
bhardwahnitish19 opened this issue Apr 20, 2020 · 3 comments
Labels
bug Something isn't working

Comments


bhardwahnitish19 commented Apr 20, 2020

I have a couple of questions; I couldn't add a question label to this. Please update the label to question. It would be great if someone could share their thoughts on the following:

  1. Is the private key which is being mounted on FlexVolume Base64 encoded, encoded by some other algorithm, or is it just in plain text without any encoding?

  2. Is there a way to fetch the public and private key separately? (Not in a single file as we get with secret.)

Thanks

@bhardwahnitish19 bhardwahnitish19 added the bug Something isn't working label Apr 20, 2020
ritazh (Member) commented Apr 21, 2020

Hi @bhardwahnitish19, thanks for reporting this.

We are deprecating this solution in favor of https://github.com/Azure/secrets-store-csi-driver-provider-azure as flexvol is being deprecated in K8s upstream.

With the secrets store csi driver Azure provider PR and this PR in the csi driver, this should address your issue. We will ping you as soon as all the changes are ready to be consumed, or you could also build from source.

bhardwahnitish19 (Author) commented Apr 22, 2020

Hi @ritazh

Thanks for the update. It would be great if you can share some details about the new solution. Will it provide a way to fetch the public and private key separately? I assume that it should work with the new solution if we can get certs and keys in plain text. Please correct me if I am wrong.

Thanks

bhardwahnitish19 (Author) commented Apr 22, 2020

FYI - Mount volume always fails if I choose keys in flex volume. It fails specifically for the certificate that I have generated with the Azure CLI. Steps to generate the cert:

  1. Created a CSR (where keyproperties.exportable is true)
  2. Got this CSR signed by a third party CA
  3. Merged the generated public key/cert in Key Vault.

This is specific to EC certs. Raised another issue to track this: issue
