Option to provide custom CA certificate #2

stklcode opened this issue Oct 14, 2016 · 1 comment

stklcode commented Oct 14, 2016

In local networks server certificates are often signed by a local CA. To avoid adding the root certificate to the Java keystore on every system a vault-connected application is running on, the ability of providing a trusted certificate should be added.

There might be multiple solutions, probably the most simple would be to accept a SSLContext object to pass to the HTTP client. A little more comfortable might be accepting a File or Path pointing to the certificate and letting the ConnectorFactory do the necessary configuration.

Maybe even disabling validation completely should be an option. (Security issue for sure, but even an unencrypted connection is possible... Better unchecked than unencrypted if validation is impossible for any reason.)

@stklcode stklcode added this to the 0.4 milestone Oct 14, 2016
@stklcode stklcode self-assigned this Oct 15, 2016
@stklcode stklcode changed the title Option to provide custom root certificate Option to provide custom CA certificate Oct 24, 2016

stklcode commented Nov 6, 2016

Two methods have been added to the HTTPVaultConnectorFactory:

  • withTrustedCA(Path) - Trust only the CA certificate provided in parameter
  • withSslContext(SSLContext) - Use given SSL context

This feature is optional; if nothing is provided here, the default system context is used.

@stklcode stklcode closed this as completed Nov 6, 2016
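
What trusting only a local CA involves on the Java side, as an added example that is not part of the issue or the project's code: it builds an SSLContext with a single trust anchor using only standard JDK APIs. The class name, method name, keystore alias and file path are assumptions, and the basicConstraints check is this example's own choice.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustedCaContext {

    /** Builds an SSLContext whose only trust anchor is the certificate in caFile (PEM or DER). */
    static SSLContext forTrustedCa(Path caFile) throws Exception {
        X509Certificate ca;
        try (InputStream in = Files.newInputStream(caFile)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        ca.checkValidity(); // refuse an expired or not-yet-valid anchor
        // Example's own sanity check: -1 means no basicConstraints CA flag
        // (this also rejects old X.509 v1 roots, which carry no extensions).
        if (ca.getBasicConstraints() < 0) {
            throw new IllegalArgumentException("not a CA certificate: " + ca.getSubjectX500Principal());
        }

        // Empty in-memory keystore: the system default trust store is never consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("local-ca", ca); // alias is arbitrary

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java TrustedCaContext <ca-certificate-file>");
            return;
        }
        SSLContext ctx = forTrustedCa(Paths.get(args[0])); // path supplied by the caller
        System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
    }
}
```

A context built this way still validates the server's chain against that one CA, so it can be passed where an SSLContext is accepted without resorting to disabled validation.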
stklcode added a commit that referenced this issue Jun 22, 2024
# This is the 1st commit message:

feat: add mount_type attribute to common response model

# The commit message #2 will be skipped:

# ...