feat: add support for Hashicorp Vault mTLS #3018
Very nice work, thank you a lot for your contribution 🙇
I'm super happy to see e2e tests, too 🥳 🏅
framework.Compose(withTokenAuth, f, common.FindByName, useTokenAuth), | ||
framework.Compose(withTokenAuth, f, common.FindByNameAndRewrite, useTokenAuth), | ||
framework.Compose(withTokenAuth, f, common.JSONDataFromSync, useTokenAuth), | ||
framework.Compose(withTokenAuth, f, common.JSONDataFromRewrite, useTokenAuth), |
These are a lot of tests that need to run, although they don't provide a lot of value. In essence only one test is needed to verify that the mTLS is being accepted by vault.
As mentioned above: if we add one additional listener for vault - one that requires mTLS - then we can add another store which has mTLS enabled and we just need to add one test to the suites/provider/cases/vault/vault.go file, something like this:
// ..
framework.Compose(
withTokenAuthAndMTLS, f, common.FindByName, useMTLSAndTokenAuth)
// ...
Good point, thanks for the suggestion, I will update the PR to follow it.
@moolen, as commented above, using a second listener is not that simple: the Vault helm chart does not allow customising the Service and adding the new port to it. I kept the vault_mtls.go implementation and reduced the number of tests to cover just a single SecretStore and ClusterSecretStore test case. What do you think?
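The single mTLS check the review comments above settle on, sketched as an added example (not code from this PR or from external-secrets): a Go `httptest` listener stands in for a Vault listener that requires client certificates, and the names `issue`, `probe`, `verifyListener` and the CN `eso-client` are assumptions. It also covers the negative cases, because a test in which a certificate-bearing client succeeds does not by itself show that the listener enforces mTLS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"log"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue builds constructed test material: a self-signed CA when ca is nil, else a leaf signed by ca.
func issue(serial int64, cn string, ca *tls.Certificate, usage x509.ExtKeyUsage) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // fixture generation failing is not recoverable in a test
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IPAddresses:           []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback},
	}
	parent, signer := tmpl, any(key)
	if ca == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{usage}
		parent, signer = ca.Leaf, ca.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// probe sends one GET, offering client (if non-nil) as the TLS client certificate.
func probe(url string, roots *x509.CertPool, client *tls.Certificate) (string, error) {
	cfg := &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12}
	if client != nil {
		cfg.Certificates = []tls.Certificate{*client}
	}
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr, Timeout: 5 * time.Second}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// verifyListener starts the stand-in mTLS listener and returns the identity it saw for
// the trusted client, plus the errors for a client with no certificate and for a client
// whose only certificate chains to a different CA.
func verifyListener() (identity string, okErr, noCertErr, untrustedErr error) {
	ca, otherCA := issue(1, "test-ca", nil, 0), issue(2, "other-ca", nil, 0)
	server := issue(3, "listener", &ca, x509.ExtKeyUsageServerAuth)
	trusted := issue(4, "eso-client", &ca, x509.ExtKeyUsageClientAuth)
	untrusted := issue(5, "eso-client", &otherCA, x509.ExtKeyUsageClientAuth)
	trust := x509.NewCertPool()
	trust.AddCert(ca.Leaf)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{server},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the setting under test
		ClientCAs:    trust,
	}
	srv.Config.ErrorLog = log.New(io.Discard, "", 0) // rejected handshakes are expected here
	srv.StartTLS()
	defer srv.Close()
	identity, okErr = probe(srv.URL, trust, &trusted)
	_, noCertErr = probe(srv.URL, trust, nil)
	_, untrustedErr = probe(srv.URL, trust, &untrusted)
	return
}

func main() {
	id, okErr, noCert, untrusted := verifyListener()
	fmt.Printf("trusted: %q (err=%v)\nno cert: %v\nother CA: %v\n", id, okErr, noCert, untrusted)
}
```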
/ok-to-test sha=0a83f73
d11d153
to
a2ebf4b
Compare
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
/ok-to-test sha=a2ebf4b
Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
a2ebf4b
to
082bd9c
Compare
Quality Gate passed. The SonarCloud Quality Gate passed, but some issues were introduced. 1 New issue
@moolen I have performed a final amend to the PR because I noticed a flaky integration test due to concurrency caused by the ClusterSecretStore left orphaned after each Vault e2e test is executed, it should be fixed now, but I also believe it is worth performing a few rounds of the I also tried to reduce the code complexity of the
/ok-to-test sha=082bd9c
Thank you @rodrigorfk, I'll take a look. Don't mind the sonarcube failures, no need to fix it right now :)
LGTM, thank you for your contribution! 🏅
// edit: I ran the e2e tests a couple of times, looks good!
* feat: adding support for mTLS to the Vault provider Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> Signed-off-by: Sai Charan Godasi <saicharangodasi@Sais-MacBook-Air.local>
* feat: adding support for mTLS to the Vault provider Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com> Signed-off-by: Mike Serchenia <michael_serchenia@epam.com>
* feat: adding support for mTLS to the Vault provider Signed-off-by: Rodrigo Fior Kuntzer <rodrigo@miro.com>
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://togithub.com/external-secrets/external-secrets) | patch | `0.9.11` -> `0.9.12` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v0.9.12`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.9.12) [Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.9.11...v0.9.12) Image: `ghcr.io/external-secrets/external-secrets:v0.9.12` Image: `ghcr.io/external-secrets/external-secrets:v0.9.12-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.9.12-ubi-boringssl` #### What's Changed - bump 0.9.11 by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#2982 - chore(deps): bump golang from 1.20.1 to 1.21.5 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#2976 - fix: chart: update cert-manager cert. 
duration by [@​Tycale](https://togithub.com/Tycale) in [external-secrets/external-secrets#2986 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#2988 - Fix value name by [@​Aransh](https://togithub.com/Aransh) in [external-secrets/external-secrets#2985 - feat: add ability to define flavour for tag by [@​A1994SC](https://togithub.com/A1994SC) in [external-secrets/external-secrets#2881 - Fix typo in pushsecrets docs by [@​matusf](https://togithub.com/matusf) in [external-secrets/external-secrets#2998 - feat: add PushSecret and DeleteSecret to onepassword provider by [@​bthuilot](https://togithub.com/bthuilot) in [external-secrets/external-secrets#2646 - Configure codecov by [@​shuheiktgw](https://togithub.com/shuheiktgw) in [external-secrets/external-secrets#2995 - added some example for v2 literal templating by [@​rpasche](https://togithub.com/rpasche) in [external-secrets/external-secrets#3007 - Akeyless Provider - Add support for Certificate items by [@​barucoh](https://togithub.com/barucoh) in [external-secrets/external-secrets#3013 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3005 - Feat/allow keeper to work with complex types by [@​ppodevlabs](https://togithub.com/ppodevlabs) in [external-secrets/external-secrets#3016 - docs: update controller reconcile error rule by [@​aslafy-z](https://togithub.com/aslafy-z) in [external-secrets/external-secrets#3021 - Issue/2965 - Documentation does not reflect latest changes for datafrom for IBM Secret Manager by [@​fdberlking](https://togithub.com/fdberlking) in [external-secrets/external-secrets#3010 - doc: update bitwarden-cli image & version by [@​charlesthomas](https://togithub.com/charlesthomas) in [external-secrets/external-secrets#2971 - Update the ExternalSecret status even when data is empty by 
[@​shuheiktgw](https://togithub.com/shuheiktgw) in [external-secrets/external-secrets#2927 - grammar - it is by [@​aviadkray](https://togithub.com/aviadkray) in [external-secrets/external-secrets#2991 - gramar2 - intuitive not intuative by [@​aviadkray](https://togithub.com/aviadkray) in [external-secrets/external-secrets#2992 - docs: add command to install CRDs using kustomize by [@​PeterStolz](https://togithub.com/PeterStolz) in [external-secrets/external-secrets#3023 - Validator by [@​Mehrbod2002](https://togithub.com/Mehrbod2002) in [external-secrets/external-secrets#3003 - chore(deps): bump golang from 1.21.5 to 1.21.6 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3024 - feat: set default namespace on vault secretStore (namespaced ressource) by [@​M0NsTeRRR](https://togithub.com/M0NsTeRRR) in [external-secrets/external-secrets#2869 - Create OSSF scorecard job by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3032 - feat: add support for Hashicorp Vault mTLS by [@​rodrigorfk](https://togithub.com/rodrigorfk) in [external-secrets/external-secrets#3018 - \[Snyk] Fix for 5 vulnerabilities by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3036 - chore(deps): bump tornado from 6.3.3 to 6.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3051 - chore(deps): bump click from 8.1.3 to 8.1.7 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3050 - chore(deps): bump actions/cache from 3.3.3 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3049 - chore(deps): bump github/codeql-action from 2.2.4 to 3.23.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3048 - chore(deps): bump markupsafe from 2.1.1 to 2.1.3 in /hack/api-docs by 
[@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3047 - chore(deps): bump mkdocs-macros-plugin from 0.7.0 to 1.0.5 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3046 - chore(deps): bump actions/checkout from 3.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3044 - chore(deps): bump golang from `fd78f2f` to `fd78f2f` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3042 - chore(deps): bump ubi8/ubi-minimal from `d8b81a3` to `2882390` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3041 - chore(deps): bump alpine from `13b7e62` to `51b6726` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3040 - chore(deps): bump golang from `04cf306` to `c4b696f` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3038 - chore(deps): bump mkdocs-material from 9.5.3 to 9.5.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3043 - chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.3.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3045 - docs: add security response process by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3037 - Fix wrong namespaceSelector configuration in snippet in document by [@​kyasbal](https://togithub.com/kyasbal) in [external-secrets/external-secrets#3054 - chore: refactor/centralise secretKeyRef usage by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3022 - chore: fixup security response suggestions by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3056 - feat: allow provider to return admission warnings by [@​moolen](https://togithub.com/moolen) 
in [external-secrets/external-secrets#3058 - chore(deps): bump alpine from 3.18 to 3.19 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3039 - chore: add tests for AWS/SM by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3057 - chore(deps): bump mkdocs-minify-plugin from 0.5.0 to 0.7.2 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3063 - chore(deps): bump markupsafe from 2.1.3 to 2.1.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3062 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3065 - added metrics support for akeyless by [@​charan986](https://togithub.com/charan986) in [external-secrets/external-secrets#3069 - chore: bump jwx pkg by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3075 - IBM provider: remove deprecated code for fetching secret by name by [@​Shanti-G](https://togithub.com/Shanti-G) in [external-secrets/external-secrets#3078 - chore(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3090 - chore(deps): bump golang from `fd78f2f` to `a6a7f1f` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3086 - chore(deps): bump alpine from `51b6726` to `c5b1261` in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3088 - chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3089 - chore(deps): bump golang from `c4b696f` to `d8c365d` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3084 - chore(deps): 
bump alpine from `51b6726` to `c5b1261` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3087 - 🧹 refactor vault provider by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3072 - chore: bump ubi image by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3096 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3091 - chore(deps): bump alpine from 3.19.0 to 3.19.1 in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3083 - chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3104 - chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3103 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3113 - chore(deps): bump peter-evans/slash-command-dispatch from 3.0.2 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3102 - Feat/ready condition early by [@​ppatel1604](https://togithub.com/ppatel1604) in [external-secrets/external-secrets#3077 - chore(deps): bump mkdocs-material from 9.5.4 to 9.5.7 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3106 - chore(deps): bump platformdirs from 4.1.0 to 4.2.0 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3105 - chore(deps): bump markupsafe from 2.1.4 to 2.1.5 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3107 - chore(deps): bump urllib3 from 2.1.0 to 2.2.0 in /hack/api-docs by 
[@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3109 - chore(deps): bump mkdocs-minify-plugin from 0.7.2 to 0.8.0 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3108 #### New Contributors - [@​Tycale](https://togithub.com/Tycale) made their first contribution in [external-secrets/external-secrets#2986 - [@​Aransh](https://togithub.com/Aransh) made their first contribution in [external-secrets/external-secrets#2985 - [@​A1994SC](https://togithub.com/A1994SC) made their first contribution in [external-secrets/external-secrets#2881 - [@​matusf](https://togithub.com/matusf) made their first contribution in [external-secrets/external-secrets#2998 - [@​bthuilot](https://togithub.com/bthuilot) made their first contribution in [external-secrets/external-secrets#2646 - [@​rpasche](https://togithub.com/rpasche) made their first contribution in [external-secrets/external-secrets#3007 - [@​barucoh](https://togithub.com/barucoh) made their first contribution in [external-secrets/external-secrets#3013 - [@​aslafy-z](https://togithub.com/aslafy-z) made their first contribution in [external-secrets/external-secrets#3021 - [@​fdberlking](https://togithub.com/fdberlking) made their first contribution in [external-secrets/external-secrets#3010 - [@​charlesthomas](https://togithub.com/charlesthomas) made their first contribution in [external-secrets/external-secrets#2971 - [@​aviadkray](https://togithub.com/aviadkray) made their first contribution in [external-secrets/external-secrets#2991 - [@​PeterStolz](https://togithub.com/PeterStolz) made their first contribution in [external-secrets/external-secrets#3023 - [@​Mehrbod2002](https://togithub.com/Mehrbod2002) made their first contribution in [external-secrets/external-secrets#3003 - [@​M0NsTeRRR](https://togithub.com/M0NsTeRRR) made their first contribution in [external-secrets/external-secrets#2869 - 
[@​rodrigorfk](https://togithub.com/rodrigorfk) made their first contribution in [external-secrets/external-secrets#3018 - [@​kyasbal](https://togithub.com/kyasbal) made their first contribution in [external-secrets/external-secrets#3054 **Full Changelog**: external-secrets/external-secrets@v0.9.11...v0.9.12 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xODAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE4MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [external-secrets](https://togithub.com/external-secrets/external-secrets) | patch | `0.9.11` -> `0.9.12` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>external-secrets/external-secrets (external-secrets)</summary> ### [`v0.9.12`](https://togithub.com/external-secrets/external-secrets/releases/tag/v0.9.12) [Compare Source](https://togithub.com/external-secrets/external-secrets/compare/v0.9.11...v0.9.12) Image: `ghcr.io/external-secrets/external-secrets:v0.9.12` Image: `ghcr.io/external-secrets/external-secrets:v0.9.12-ubi` Image: `ghcr.io/external-secrets/external-secrets:v0.9.12-ubi-boringssl` #### What's Changed - bump 0.9.11 by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#2982 - chore(deps): bump golang from 1.20.1 to 1.21.5 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#2976 - fix: chart: update cert-manager cert. 
duration by [@​Tycale](https://togithub.com/Tycale) in [external-secrets/external-secrets#2986 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#2988 - Fix value name by [@​Aransh](https://togithub.com/Aransh) in [external-secrets/external-secrets#2985 - feat: add ability to define flavour for tag by [@​A1994SC](https://togithub.com/A1994SC) in [external-secrets/external-secrets#2881 - Fix typo in pushsecrets docs by [@​matusf](https://togithub.com/matusf) in [external-secrets/external-secrets#2998 - feat: add PushSecret and DeleteSecret to onepassword provider by [@​bthuilot](https://togithub.com/bthuilot) in [external-secrets/external-secrets#2646 - Configure codecov by [@​shuheiktgw](https://togithub.com/shuheiktgw) in [external-secrets/external-secrets#2995 - added some example for v2 literal templating by [@​rpasche](https://togithub.com/rpasche) in [external-secrets/external-secrets#3007 - Akeyless Provider - Add support for Certificate items by [@​barucoh](https://togithub.com/barucoh) in [external-secrets/external-secrets#3013 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3005 - Feat/allow keeper to work with complex types by [@​ppodevlabs](https://togithub.com/ppodevlabs) in [external-secrets/external-secrets#3016 - docs: update controller reconcile error rule by [@​aslafy-z](https://togithub.com/aslafy-z) in [external-secrets/external-secrets#3021 - Issue/2965 - Documentation does not reflect latest changes for datafrom for IBM Secret Manager by [@​fdberlking](https://togithub.com/fdberlking) in [external-secrets/external-secrets#3010 - doc: update bitwarden-cli image & version by [@​charlesthomas](https://togithub.com/charlesthomas) in [external-secrets/external-secrets#2971 - Update the ExternalSecret status even when data is empty by 
[@​shuheiktgw](https://togithub.com/shuheiktgw) in [external-secrets/external-secrets#2927 - grammar - it is by [@​aviadkray](https://togithub.com/aviadkray) in [external-secrets/external-secrets#2991 - gramar2 - intuitive not intuative by [@​aviadkray](https://togithub.com/aviadkray) in [external-secrets/external-secrets#2992 - docs: add command to install CRDs using kustomize by [@​PeterStolz](https://togithub.com/PeterStolz) in [external-secrets/external-secrets#3023 - Validator by [@​Mehrbod2002](https://togithub.com/Mehrbod2002) in [external-secrets/external-secrets#3003 - chore(deps): bump golang from 1.21.5 to 1.21.6 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3024 - feat: set default namespace on vault secretStore (namespaced ressource) by [@​M0NsTeRRR](https://togithub.com/M0NsTeRRR) in [external-secrets/external-secrets#2869 - Create OSSF scorecard job by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3032 - feat: add support for Hashicorp Vault mTLS by [@​rodrigorfk](https://togithub.com/rodrigorfk) in [external-secrets/external-secrets#3018 - \[Snyk] Fix for 5 vulnerabilities by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3036 - chore(deps): bump tornado from 6.3.3 to 6.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3051 - chore(deps): bump click from 8.1.3 to 8.1.7 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3050 - chore(deps): bump actions/cache from 3.3.3 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3049 - chore(deps): bump github/codeql-action from 2.2.4 to 3.23.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3048 - chore(deps): bump markupsafe from 2.1.1 to 2.1.3 in /hack/api-docs by 
[@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3047 - chore(deps): bump mkdocs-macros-plugin from 0.7.0 to 1.0.5 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3046 - chore(deps): bump actions/checkout from 3.1.0 to 4.1.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3044 - chore(deps): bump golang from `fd78f2f` to `fd78f2f` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3042 - chore(deps): bump ubi8/ubi-minimal from `d8b81a3` to `2882390` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3041 - chore(deps): bump alpine from `13b7e62` to `51b6726` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3040 - chore(deps): bump golang from `04cf306` to `c4b696f` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3038 - chore(deps): bump mkdocs-material from 9.5.3 to 9.5.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3043 - chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.3.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3045 - docs: add security response process by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3037 - Fix wrong namespaceSelector configuration in snippet in document by [@​kyasbal](https://togithub.com/kyasbal) in [external-secrets/external-secrets#3054 - chore: refactor/centralise secretKeyRef usage by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3022 - chore: fixup security response suggestions by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3056 - feat: allow provider to return admission warnings by [@​moolen](https://togithub.com/moolen) 
in [external-secrets/external-secrets#3058 - chore(deps): bump alpine from 3.18 to 3.19 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3039 - chore: add tests for AWS/SM by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3057 - chore(deps): bump mkdocs-minify-plugin from 0.5.0 to 0.7.2 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3063 - chore(deps): bump markupsafe from 2.1.3 to 2.1.4 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3062 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3065 - added metrics support for akeyless by [@​charan986](https://togithub.com/charan986) in [external-secrets/external-secrets#3069 - chore: bump jwx pkg by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3075 - IBM provider: remove deprecated code for fetching secret by name by [@​Shanti-G](https://togithub.com/Shanti-G) in [external-secrets/external-secrets#3078 - chore(deps): bump codecov/codecov-action from 3.1.4 to 3.1.5 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3090 - chore(deps): bump golang from `fd78f2f` to `a6a7f1f` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3086 - chore(deps): bump alpine from `51b6726` to `c5b1261` in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3088 - chore(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3089 - chore(deps): bump golang from `c4b696f` to `d8c365d` in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3084 - chore(deps): 
bump alpine from `51b6726` to `c5b1261` by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3087 - 🧹 refactor vault provider by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3072 - chore: bump ubi image by [@​moolen](https://togithub.com/moolen) in [external-secrets/external-secrets#3096 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3091 - chore(deps): bump alpine from 3.19.0 to 3.19.1 in /e2e by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3083 - chore(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3104 - chore(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3103 - chore: update dependencies by [@​eso-service-account-app](https://togithub.com/eso-service-account-app) in [external-secrets/external-secrets#3113 - chore(deps): bump peter-evans/slash-command-dispatch from 3.0.2 to 4.0.0 by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3102 - Feat/ready condition early by [@​ppatel1604](https://togithub.com/ppatel1604) in [external-secrets/external-secrets#3077 - chore(deps): bump mkdocs-material from 9.5.4 to 9.5.7 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3106 - chore(deps): bump platformdirs from 4.1.0 to 4.2.0 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3105 - chore(deps): bump markupsafe from 2.1.4 to 2.1.5 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3107 - chore(deps): bump urllib3 from 2.1.0 to 2.2.0 in /hack/api-docs by 
[@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3109 - chore(deps): bump mkdocs-minify-plugin from 0.7.2 to 0.8.0 in /hack/api-docs by [@​dependabot](https://togithub.com/dependabot) in [external-secrets/external-secrets#3108 #### New Contributors - [@​Tycale](https://togithub.com/Tycale) made their first contribution in [external-secrets/external-secrets#2986 - [@​Aransh](https://togithub.com/Aransh) made their first contribution in [external-secrets/external-secrets#2985 - [@​A1994SC](https://togithub.com/A1994SC) made their first contribution in [external-secrets/external-secrets#2881 - [@​matusf](https://togithub.com/matusf) made their first contribution in [external-secrets/external-secrets#2998 - [@​bthuilot](https://togithub.com/bthuilot) made their first contribution in [external-secrets/external-secrets#2646 - [@​rpasche](https://togithub.com/rpasche) made their first contribution in [external-secrets/external-secrets#3007 - [@​barucoh](https://togithub.com/barucoh) made their first contribution in [external-secrets/external-secrets#3013 - [@​aslafy-z](https://togithub.com/aslafy-z) made their first contribution in [external-secrets/external-secrets#3021 - [@​fdberlking](https://togithub.com/fdberlking) made their first contribution in [external-secrets/external-secrets#3010 - [@​charlesthomas](https://togithub.com/charlesthomas) made their first contribution in [external-secrets/external-secrets#2971 - [@​aviadkray](https://togithub.com/aviadkray) made their first contribution in [external-secrets/external-secrets#2991 - [@​PeterStolz](https://togithub.com/PeterStolz) made their first contribution in [external-secrets/external-secrets#3023 - [@​Mehrbod2002](https://togithub.com/Mehrbod2002) made their first contribution in [external-secrets/external-secrets#3003 - [@​M0NsTeRRR](https://togithub.com/M0NsTeRRR) made their first contribution in [external-secrets/external-secrets#2869 - 
[@​rodrigorfk](https://togithub.com/rodrigorfk) made their first contribution in [external-secrets/external-secrets#3018 - [@​kyasbal](https://togithub.com/kyasbal) made their first contribution in [external-secrets/external-secrets#3054 **Full Changelog**: external-secrets/external-secrets@v0.9.11...v0.9.12 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xODAuMCIsInVwZGF0ZWRJblZlciI6IjM3LjE4MC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>
Problem Statement
A Vault server can be configured to strictly require clients to present client certificates when connecting to the server at the HTTPS transport layer.
It is possible to configure Vault to use a client certificate to secure the transport layer (tcp listener documentation):
When Vault is configured in the way above, there is no possibility to properly configure the Vault provider in the SecretStore by using existing CRDs.
Related Issue
Fixes #1139
Proposed Changes
This change adds a new section in the Vault provider to allow passing the client TLS certificate to the transport layer, as follows:
Checklist
git commit --signoff
make test
make reviewable