[Feature]: Load client certificates from RAM #32200
Assignees
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
🚀 Feature Request
The API for client certificates should accept the actual certificate, not a path to a file containing the certificate.
Example
The certificate could be coming in at runtime from a physical hardware token or from some other source that isn't a file.
Motivation
The current implementation of the new client certificates feature from #1799 and #32004 has the API expecting a file path to receive the client certificates. However, the certificates might not be coming from a file: they could instead get generated at runtime and only exist in RAM. It would be preferable and also possibly more secure for the API to accept the actual certificate instead of a path to a file containing the certificate because a file might not strictly need to be written to do this operation. The certificates could come from a file or they could come from anything as long as the certificates are provided somehow.
I discussed this request with @mxschmitt on Discord.
The text was updated successfully, but these errors were encountered: