Closed
Labels
area/security, type/feature
Description
Currently the Pulsar client allows for the use of TLS certificates to be loaded and passed to the brokers, but these certs have to exist on the file system where the Pulsar client resides.
Example:
String clientCertPath = "./client1.cert.pem";
String clientCertKeyPath = "./client1.key-pk8.pem";
String tlsTrustCertsFilePath = "./ca.cert.pem";
Map<String, String> authParams = new HashMap<>();
authParams.put("tlsCertFile", clientCertPath);
authParams.put("tlsKeyFile", clientCertKeyPath);
PulsarClient client = PulsarClient.builder()
    .serviceUrl(SERVICE_URL)
    .tlsTrustCertsFilePath(tlsTrustCertsFilePath)
    .authentication(AuthenticationTls.class.getName(), authParams)
    .build();

Describe the solution you'd like
Allow the authentication portion of the client builder to accept strings from memory as well as file paths. This way you can:
- utilize certificate vaults such as Pivotal Hashi-Vault to store your client certs
- call the cert vault API to obtain the certs
- pass them to the Pulsar client
- and off you go!
Today this model works by:
- call the cert vault API to obtain the certs
- create physical certs on the file system from the certs you now have in memory
- load the physical certs from the file system into Pulsar client
Allowing them to be loaded via memory would be more efficient when using certificate vaults.
Thanks!
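The "Today this model works by" steps put the client's private key on disk, so until in-memory loading exists the files should be owner-only and short-lived. The following is an added example, not code from the issue or from Pulsar: the class name `EphemeralTlsFiles` is hypothetical, the PEM strings are constructed placeholders for what a vault call would return, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

/** Hypothetical helper: keeps vault-issued PEM material on disk only while it is open. */
public class EphemeralTlsFiles implements AutoCloseable {
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_DIR =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_FILE =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
    private final Path dir, cert, key;

    public EphemeralTlsFiles(String certPem, String keyPem) throws IOException {
        // Permissions are set at creation time, so the key is never briefly readable by others.
        dir = Files.createTempDirectory("pulsar-tls-", OWNER_DIR);
        cert = write("client.cert.pem", certPem);
        key = write("client.key-pk8.pem", keyPem);
    }

    private Path write(String name, String pem) throws IOException {
        Path p = Files.createFile(dir.resolve(name), OWNER_FILE); // fails if the name already exists
        return Files.write(p, pem.getBytes(StandardCharsets.US_ASCII));
    }

    /** Same parameter names the issue passes to AuthenticationTls. */
    public Map<String, String> authParams() {
        Map<String, String> params = new HashMap<>();
        params.put("tlsCertFile", cert.toString());
        params.put("tlsKeyFile", key.toString());
        return params;
    }

    @Override
    public void close() throws IOException {
        Files.deleteIfExists(key);   // remove the private key first
        Files.deleteIfExists(cert);
        Files.deleteIfExists(dir);
    }

    public static void main(String[] args) throws IOException {
        // Constructed placeholders, not real certificate or key material.
        String certPem = "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n";
        String keyPem = "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n";
        try (EphemeralTlsFiles tls = new EphemeralTlsFiles(certPem, keyPem)) {
            System.out.println(tls.authParams()); // pass this map to .authentication(...) as above
        }
    }
}
```

Keep the helper open for as long as the Pulsar client may read the files, and close it together with the client.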