You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I would like to push cert manager generated certificate to azure keyvault using external secrets operator. We need to use the certificate in a Azure Application Gateway and it only accepts pkcs12 format.
The first step is to generate a valid P12 certificate. Currently, only PKCS1/PKCS8 types are supported. Currently only password-less P12 certificates are supported.
Describe the solution you'd like
Add the option to create a passwordless pkcs12 keystore by not specifying passwordSecretRef key.
Describe alternatives you've considered
Manually managing the certificates or using a different kubernetes operator.
I would also like this feature. Just for information this is the error message I get if I try (with cert-manager 1.14) with a password set to the empty string.
E0423 13:30:13.858226 1 controller.go:167] "re-queuing item due to error processing" err="failed to add keystores to Secret: PKCS12 keystore password Secret contains no data for key \"password\"" logger="cert-manager.certificates-issuing" key="mynamespace/my-certificate"
Not sure if it helps anyone, but I created a small operator to solve this for myself using Azure Key Vault as the certificate store and workload identity. Might be useful for someone until the support for passwordless pkcs12 is implemented in cert-manager.
Is your feature request related to a problem? Please describe.
I would like to push cert manager generated certificate to azure keyvault using external secrets operator. We need to use the certificate in a Azure Application Gateway and it only accepts pkcs12 format.
However external secrets operator only allows paswordless pkcs12 certificates:
Describe the solution you'd like
Add the option to create a passwordless pkcs12 keystore by not specifying
passwordSecretRef
key.Describe alternatives you've considered
Manually managing the certificates or using a different kubernetes operator.
Additional context
This is also related to #6269
/kind feature
The text was updated successfully, but these errors were encountered: