Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes
Provide a framework for runtime generation of TLS certificates using 1 or more interchangeable certificate authorities/services. It allows for services that require certificates to provide a specification and for the user to customize that specification as well as assign a default and per-certificate authority.
All options exist under
security.certificates
and are mostly (well?) documented and relatively straightforward.Currently there is a
local
authority that will generate a root certificate and then issue requested certificates from it, and avault
authority that will request certificates from a Hashicorp Vault server. Both are WIP with some important features missing. However both are also passing all the tests that I have written (that being the ones I know they pass).Currently a draft as I am at a point where external eyeballs and comments would be greatly appreciated as I start to polish this into something useful.
Things done
Add a 👍 reaction to pull requests you find important.