feat(575): adding support for inline certificates/keys as base64 encoded #577

Merged
merged 4 commits into from
Nov 2, 2023


gabrik
Contributor

@gabrik gabrik commented Oct 31, 2023

Adds new fields in the TLS configuration, allowing users to inline certificates and keys as encoded base64 strings.

Added fields:

  • root_ca_certificate_base64
  • server_private_key_base64
  • server_certificate_base64
  • client_private_key_base64
  • client_private_key_base64

Priority order when building the locator is:

  • Inlined to the locator
  • base64 certificate
  • file certificate

If both the path and the base64 are present the TlsConfigurator returns an error.

Solves #575

@gabrik gabrik requested a review from Mallets October 31, 2023 13:08
@gabrik
Contributor Author

gabrik commented Oct 31, 2023

Just tested with a configuration like:

{
  "connect": {
    "endpoints": [
      "tls/REDACTED.routers.REDACTED.paas.zettascale.cloud:7447"
    ]
  },
  "id": "78b432a9634041acaf7c47665a40f4c5",
  "listen": {
    "endpoints": [
      "tls/0.0.0.0:7447"
    ]
  },
  "metadata": {
    "REDACTED"
  },
  "mode": "router",
  "transport": {
    "link": {
      "tls": {
        "client_auth": true,
        "client_certificate_base64": "LS0tLS1CRUdJTi...REDACTED",
        "client_private_key_base64": "LS0tLS1CRUdJTi...REDACTED",
        "server_certificate_base64": "LS0tLS1CRUdJTi...REDACTED",
        "server_private_key_base64": "LS0tLS1CRUdJTi...REDACTED",
        "root_ca_certificate_base64": "LS0tLS1CRUdJTi...REDACTED",
      }
    }
  }
}

@gabrik gabrik marked this pull request as ready for review October 31, 2023 13:41
@gabrik
Contributor Author

gabrik commented Oct 31, 2023

Given some security concerns, the fields should be wrapped in something like secrecy.Secret so that they are not exposed in logs/admin space.
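An added example, not code from this PR or from the project: one way to implement the resolution order and the path/base64 conflict check from the PR description, together with a log-safe wrapper of the kind the comment above asks for. The names `Redacted`, `resolve` and `b64_decode` are hypothetical, a hand-written decoder and wrapper stand in for the base64 and secrecy crates so the block needs only `std`, and it assumes the locator value is raw text and that the conflict is rejected before the priority order applies.

```rust
use std::fmt;

/// Holds key material; Debug prints only the length, so logs never carry the bytes.
pub struct Redacted(Vec<u8>);
impl Redacted { pub fn expose(&self) -> &[u8] { &self.0 } }
impl fmt::Debug for Redacted {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Redacted({} bytes)", self.0.len())
    }
}

/// Minimal standard-alphabet base64 decoder (std only; trailing '=' padding optional).
/// The error text deliberately omits the offending input.
fn b64_decode(s: &str) -> Result<Vec<u8>, String> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.trim_end_matches('=').bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62, b'/' => 63,
            _ => return Err("invalid base64 character".to_string()),
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Ok(out)
}

/// Resolve one credential in the order: locator value, base64 field, file path.
/// Assumed: locator value is raw text; path/base64 conflict is checked first.
pub fn resolve(inline: Option<&str>, base64: Option<&str>, path: Option<&str>)
    -> Result<Option<Redacted>, String> {
    if base64.is_some() && path.is_some() { return Err("path and base64 both set".into()); }
    if let Some(v) = inline { return Ok(Some(Redacted(v.as_bytes().to_vec()))); }
    if let Some(b) = base64 { return b64_decode(b).map(|d| Some(Redacted(d))); }
    match path {
        Some(p) => std::fs::read(p).map(|d| Some(Redacted(d))).map_err(|e| e.to_string()),
        None => Ok(None),
    }
}

fn main() {
    // Constructed sample: base64 of the ASCII text "-----BEGIN".
    println!("{:?}", resolve(None, Some("LS0tLS1CRUdJTg=="), None));
}
```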

@gabrik gabrik requested review from JEnoch and removed request for Mallets November 2, 2023 09:40
@gabrik
Contributor Author

gabrik commented Nov 2, 2023

@milyin please check if this has an impact on your current work on the config

@milyin
Contributor

milyin commented Nov 2, 2023

@gabrik Thank you for the notification. The update looks good to me; my changes are not affected.
