Secret Type - PKIJKS
The PKIJKS-Type is the same as the PKI-Type. The only difference is that it converts the issued certificate into a Java Key Store.

How TO

How to generate a PKI is documented by HashiCorp in their Secrets Engine documentation. For a short simple example please see the How To section of PKi-Type.
After you have generated a PKI create the Vault resource in Kubernetes:
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
name: test-pkijks
spec:
path: "testpki/issue/testrole"
type: "PKIJKS"
pkiConfiguration:
commonName: "localhost"
ttl: "7m"
jksConfiguration:
password: "changeit"
Now you should see the Vault resource in Kubernetes and the newly generated secret:
$ kubectl get vault test-pkijks
NAME AGE
test-pkijks 8d
$ kubectl get secret test-pkijks
NAME TYPE DATA AGE
test-pkijks Opaque 1 8d
The Java Key Store is saved by default in the key.jks field. It's possible to change the field via the jksConfiguration Object:

jksConfiguration

jksConfiguration:
password: "changeit"
alias: "main"
keyName: "key.jks"
The field password defines the password that's used to secure the Key Store. The alias is for defining the name of the TLS-Certificate in the Key store and the key name is for specifying the save path in the secret.

Change Adjustment Callback

For more details please see Change Detection!
Copy link
On this page
How TO
jksConfiguration
Change Adjustment Callback