diff --git a/charts/ratify/README.md b/charts/ratify/README.md index 84b52b238..135f3ed0e 100644 --- a/charts/ratify/README.md +++ b/charts/ratify/README.md @@ -135,7 +135,8 @@ Values marked `# DEPRECATED` in the `values.yaml` as well as **DEPRECATED** in t | azurekeyvault.vaultURI | Vault URI for Azure Key Vault | `` | | azurekeyvault.tenantId | Tenant ID of the configured Azure Key Vault resource | `` | | azurekeyvault.certificates | An array of certificate objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` | -| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` | +| azurekeyvault.keys | An array of key objects identified by `name` and `version` (optional) stored in Azure Key Vault | `[]` | +| azurekeyvault.refreshInterval | time duration to refresh the certificates/keys. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Example: 1h, 30m, 1h30m. If it's not set, the refresh functionality will be disabled. | `` | | notationCert | **DEPRECATED** Please switch to `notationCerts` to specify an array of verification certificates. Public certificate/certificate chain used to create inline certstore used by Notation verifier. | `` | | akvCertConfig.enabled | **DEPRECATED** Please use `azurekeyvault.enabled` instead. Enables/disables Azure Key Vault certificate store. If you are using a custom chart, certificate store should be referenced through a Verifier CR. References in ConfigMap will not be correctly resolved. | `false` | | akvCertConfig.vaultURI | **DEPRECATED** Please use `azurekeyvault.vaultURI` instead. Vault URI for AKV configured | `` | diff --git a/charts/ratify/templates/akv-key-management-provider.yaml b/charts/ratify/templates/akv-key-management-provider.yaml index 831496792..132c14fef 100644 --- a/charts/ratify/templates/akv-key-management-provider.yaml +++ b/charts/ratify/templates/akv-key-management-provider.yaml 
@@ -8,6 +8,9 @@ metadata: helm.sh/hook-weight: "5" spec: type: azurekeyvault + {{- if .Values.azurekeyvault.refreshInterval }} + refreshInterval: {{ .Values.azurekeyvault.refreshInterval }} + {{- end }} parameters: {{- if .Values.azurekeyvault.vaultURI }} vaultURI: {{ .Values.azurekeyvault.vaultURI }} diff --git a/charts/ratify/values.yaml b/charts/ratify/values.yaml index f1206dc10..2bc52a02d 100644 --- a/charts/ratify/values.yaml +++ b/charts/ratify/values.yaml @@ -76,6 +76,7 @@ azurekeyvault: tenantId: certificates: [] keys: [] + refreshInterval: oras: useHttp: false
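Review bot: in the charts/ratify/README.md hunk, the `azurekeyvault.keys` row is removed and re-added with no visible change to its text, which looks like a whitespace-only edit. Drop it so the hunk carries only the new `azurekeyvault.refreshInterval` row. In that new row the description starts in lower case ("time duration to refresh ...") while the neighbouring rows start with a capital, and it does not say what happens when the value is not a valid duration.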
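Review bot: in the charts/ratify/templates/akv-key-management-provider.yaml hunk, `refreshInterval: {{ .Values.azurekeyvault.refreshInterval }}` renders the value unquoted, so a values entry such as `30` reaches the resource as a YAML integer instead of a duration string like the `1h30m` form the README documents. Consider rendering it as `{{ .Values.azurekeyvault.refreshInterval | quote }}`. Nothing in the template checks that the value carries one of the units listed in the README, so a malformed interval only surfaces when the resource is applied or reconciled.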
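Review bot: in the charts/ratify/values.yaml hunk, the new `refreshInterval:` key under `azurekeyvault` has no comment, and left empty it keeps refresh disabled according to the README row added in this same patch. Add an inline comment giving the accepted format (1h, 30m, 1h30m) and stating that an empty value disables refresh, so operators who rotate certificates or keys in Azure Key Vault can see from the values file that periodic refresh is off by default.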