You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
If you are interested in working on this issue or have submitted a pull request, please leave a comment.
Is your feature request related to a problem? Please describe.
Similar to hashicorp/consul#7622, it appears that consul-k8s only supports EC private keys. This is despite the fact that consul itself supports EC, PKCS1, and PKCS8 private keys.
Support parsing all of the private key formats that Consul supports. I'm not sure if you can just use the existing tlsutil package from the consul repo, so worst case I guess you could just copy/paste in that same bit of code.
Use Case(s)
We should be able to specify an RSA private key in the .global.tls.caKey values.yaml entry.
Contributions
The text was updated successfully, but these errors were encountered:
Hi @brucec5 thank you submitting this feature request. This is a great feature request and we will add this to our backlog. It is likely we won't be able to get to in some time since we have some other feature work going on right now. As a follow up question, I assume you are using PKCS1 or PKCS8 in Vault? Which one of the two do you have a preference for to helps us prioritize between the two?
Community Note
Is your feature request related to a problem? Please describe.
Similar to hashicorp/consul#7622, it appears that consul-k8s only supports EC private keys. This is despite the fact that consul itself supports EC, PKCS1, and PKCS8 private keys.
The consul-k8s code in question:
consul-k8s/helper/cert/tls_util.go
Lines 153 to 168 in 8946d1a
The similar code in consul:
https://github.com/hashicorp/consul/blob/27de64da7095570012e9f8f7aec16aaf66d2a773/agent/connect/parsing.go#L112-L141
Feature Description
Support parsing all of the private key formats that Consul supports. I'm not sure if you can just use the existing tlsutil package from the consul repo, so worst case I guess you could just copy/paste in that same bit of code.
Use Case(s)
We should be able to specify an RSA private key in the
.global.tls.caKey
values.yaml entry.Contributions
The text was updated successfully, but these errors were encountered: