Secret Type - PKIJKS
The PKIJKS-Type is the same as the PKI-Type. The only difference is that it converts the issued certificate into a Java Key Store.

How To

How to generate a PKI is documented by HashiCorp in their Secrets Engine documentation. For a short, simple example, please see the How To section of PKI-Type.
After you have generated a PKI, create the Vault resource in Kubernetes:
```yaml
apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-pkijks
spec:
  path: "testpki/issue/testrole"
  type: "PKIJKS"
  pkiConfiguration:
    commonName: "localhost"
    ttl: "7m"
  jksConfiguration:
    password: "changeit"
```
Now you should see the Vault resource in Kubernetes and the newly generated secret:
```
$ kubectl get vault test-pkijks
NAME          AGE
test-pkijks   8d
```
```
$ kubectl get secret test-pkijks
NAME          TYPE     DATA   AGE
test-pkijks   Opaque   1      8d
```
The Java Key Store is saved by default in the key.jks field. It's possible to change the field via the jksConfiguration object:

jksConfiguration

```yaml
jksConfiguration:
  password: "changeit"
  alias: "main"
  keyName: "key.jks"
```
The password field defines the password that's used to secure the Key Store. The alias defines the name of the TLS certificate entry in the Key Store, and keyName specifies the field of the secret in which the Key Store is saved.
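To confirm that a generated secret matches these three settings, the following added example (not part of the original page or of the project's code) parses the Key Store taken from the output of `kubectl get secret test-pkijks -o json`, verifies its integrity hash with the configured password, and checks that a private-key entry exists under the configured alias. It assumes the Key Store is written in the legacy JKS binary format rather than PKCS#12; the function names are hypothetical.

```python
import base64, hashlib, hmac, struct

MAGIC, SALT = 0xFEEDFEED, b"Mighty Aphrodite"  # JKS header magic, fixed integrity-hash salt

def jks_digest(body: bytes, password: str) -> bytes:
    # Store integrity hash: SHA-1(password as UTF-16BE || salt || keystore body)
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def inspect_jks(blob: bytes, password: str):
    """Return (integrity_ok, [(alias, kind), ...]) for a legacy-format JKS blob."""
    body, stored, pos, entries = blob[:-20], blob[-20:], 12, []
    magic, version, count = struct.unpack_from(">III", body)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS keystore")

    def read(n):
        nonlocal pos
        chunk = body[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated keystore")
        pos += n
        return chunk

    def sized(fmt):  # length-prefixed field: ">H" for strings, ">I" for blobs
        return read(struct.unpack(fmt, read(struct.calcsize(fmt)))[0])

    for _ in range(count):
        tag = struct.unpack(">I", read(4))[0]
        alias = sized(">H").decode("utf-8")
        read(8)  # creation timestamp (ms)
        if tag == 1:  # private key entry: encrypted key, then certificate chain
            sized(">I")
            chain = struct.unpack(">I", read(4))[0]
        elif tag == 2:  # trusted certificate entry: exactly one certificate
            chain = 1
        else:
            raise ValueError(f"unknown entry tag {tag}")
        for _ in range(chain):
            sized(">H")  # certificate type string, e.g. "X.509"
            sized(">I")  # DER-encoded certificate
        entries.append((alias, "private-key" if tag == 1 else "trusted-cert"))
    return hmac.compare_digest(stored, jks_digest(body, password)), entries

def check_secret(secret: dict, password: str, alias: str, key_name: str = "key.jks") -> bool:
    """True if the Secret's keystore field verifies and holds a key under alias."""
    blob = base64.b64decode(secret["data"][key_name])
    ok, entries = inspect_jks(blob, password)
    return ok and (alias, "private-key") in entries
```

The integrity hash only shows that the store was written with the given password; the private key inside the entry is not decrypted or validated here.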

Change Adjustment Callback

For more details please see Change Detection!