You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
First of all, thanks a lot for integrating InfluxDB as a database plugin!
When using TLS configuration either via "pem_bundle" or "pem_json" there is no way how to provide a new certificate or private key once the old one has expired.
To Reproduce
Steps to reproduce the behavior:
Configure the InfluxDB secret engine using TLS via either "pem_bundle" or "pem_json"
Rotate the database root credentials
Try to reconfigure the secret engine using the same initial username and password but a new certificate and private key using either "pem_bundle" or "pem_json"
Expected behavior
Either provide a similar behaviour like the PostgreSQL plugin (using physical ca, cert and key files), or provide a dedicated API endpoint to update the TLS settings once required.
Environment:
Vault Server Version (retrieve with vault status): 1.0.3
Vault CLI Version (retrieve with vault version): 1.0.3
Server Operating System/Architecture: Docker (official Vault image)
The text was updated successfully, but these errors were encountered:
Can you provide more info on the exact calls you're making? The code doesn't treat these values differently for updating purposes so it's not clear what might be going on.
I investigated this issue and found that InfluxDB does not actually support client certificates but Vault's influxdb-database-plugin can be configured to use a client certificate.
I opened #7118 to remove support for configuring client certificates in influxdb-database-plugin which I think is the source of your issue.
Can you try to reproduce your problem without using a client certificate?
Describe the bug
First of all, thanks a lot for integrating InfluxDB as a database plugin!
When using TLS configuration either via "pem_bundle" or "pem_json" there is no way how to provide a new certificate or private key once the old one has expired.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Either provide a similar behaviour like the PostgreSQL plugin (using physical ca, cert and key files), or provide a dedicated API endpoint to update the TLS settings once required.
Environment:
vault status
): 1.0.3vault version
): 1.0.3The text was updated successfully, but these errors were encountered: