Secret Type - CERTJKS

The CERTJKS-Type is the same as the CERT-Type. The only difference is that it converts the saved Certificate into a Java Key Store.

How To

First please read the part of CERT-TYPE, because the Vault-CRD expects the Certificate in a specific format.

After this you can create the following Vault resource in Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
name: test-certjks
spec:
path: "secret/test-url.example.com"
type: "CERTJKS"

This will generate the Vault resource and also the secret:

$ kubectl get vault test-certjks
NAME AGE
test-certjks 8d
$ kubectl get secret test-certjks
NAME TYPE DATA AGE
test-certjks Opaque 1 8d

By default the Key Store is saved in the key.jks path. You can change it with the jksConfiguration as described in PKIJKS.

Change Adjustment Callback

For more details please see Change Detection!