Open
Labels: enhancement, help wanted
Feature Request: Support for Hot TLS Certificate Rotation
Description
Is there currently support for hot TLS certificate rotation in Spring gRPC? Hot TLS certificate rotation refers to the ability to update/replace TLS certificates without restarting the gRPC server.
Use Case
In production environments, TLS certificates need to be rotated periodically for security reasons or when they expire. Restarting servers to apply new certificates causes service disruption. Hot certificate rotation would allow for certificate updates while maintaining service availability.
Current Understanding
Based on reviewing the codebase and documentation:
- Spring gRPC supports TLS configuration through Spring Boot's SSL bundle configuration
- Custom TrustManager implementations are possible (as documented in detail)
- However, there doesn't appear to be a mechanism to reload/rotate certificates at runtime
Potential Implementation Approaches
If this feature doesn't exist yet, potential approaches might include:
- A certificate watcher that monitors certificate files for changes
- An API to programmatically update certificates at runtime
- Integration with Spring Boot's SSL bundle refresh mechanisms (if available)
Question
- Is hot TLS certificate rotation currently supported?
- If not, are there plans to add this feature in the future?
- Are there any workarounds or recommended approaches for certificate rotation without service disruption?
Thank you for your consideration.