Vault-CRD
  • Introduction
  • How does Vault-CRD work?
  • Supported Secret Types
    • Secret Type - KEYVALUE
    • Secret Type - KEYVALUEV2
    • Secret Type - PKI
    • Secret Type - PKIJKS
    • Secret Type - CERT
    • Secret Type - CERTJKS
    • Secret Type - DOCKERCFG
    • Secret Type - PROPERTIES
  • Change Detection
  • Install Vault-CRD
    • Self Signed Certificates
    • Enable Admission Webhook
Powered by GitBook
On this page
  • How To
  • Change Adjustment Callback
  1. Supported Secret Types

Secret Type - CERTJKS

PreviousSecret Type - CERTNextSecret Type - DOCKERCFG

Last updated 4 years ago

The CERTJKS-Type is the same as the . The only difference is that it converts the saved Certificate into a Java Key Store.

How To

First please read the part of , because the Vault-CRD expects the Certificate in a specific format.

After this you can create the following Vault resource in Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-certjks
spec:
  path: "secret/test-url.example.com"
  type: "CERTJKS"

This will generate the Vault resource and also the secret:

$ kubectl get vault test-certjks
NAME           AGE
test-certjks   8d
$ kubectl get secret test-certjks
NAME           TYPE      DATA      AGE
test-certjks   Opaque    1         8d

By default the Key Store is saved in the key.jks path. You can change it with the as described in .

Change Adjustment Callback

For more details please see !

Change Detection
CERT-Type
CERT-TYPE
jksConfiguration
PKIJKS