Secret Type - CERTJKS

The CERTJKS-Type is the same as the CERT-Type. The only difference is that it converts the saved Certificate into a Java Key Store.

How To

First please read the part of CERT-TYPE, because the Vault-CRD expects the Certificate in a specific format.

After this you can create the following Vault resource in Kubernetes:

apiVersion: ""
kind: Vault
  name: test-certjks
  path: "secret/"
  type: "CERTJKS"

This will generate the Vault resource and also the secret:

$ kubectl get vault test-certjks
NAME           AGE
test-certjks   8d
$ kubectl get secret test-certjks
NAME           TYPE      DATA      AGE
test-certjks   Opaque    1         8d

By default the Key Store is saved in the key.jks path. You can change it with the jksConfiguration as described in PKIJKS.

Change Adjustment Callback

For more details please see Change Detection!

Last updated