Vault-CRD
Vault-CRD
Github
Introduction
How does Vault-CRD work?
Supported Secret Types
Secret Type - KEYVALUE
Secret Type - KEYVALUEV2
Secret Type - PKI
Secret Type - PKIJKS
Secret Type - CERT
Secret Type - CERTJKS
Secret Type - DOCKERCFG
Secret Type - PROPERTIES
Change Detection
Install Vault-CRD
Powered by GitBook

Secret Type - PKIJKS

The PKIJKS-Type is the same as the PKI-Type. The only difference is that it converts the issued certificate into a Java Key Store.

How TO

How to generate a PKI is documented by HashiCorp in their Secrets Engine documentation. For a short simple example please see the How To section of PKi-Type.

After you have generated a PKI create the Vault resource in Kubernetes:

apiVersion: "koudingspawn.de/v1"
kind: Vault
metadata:
  name: test-pkijks
spec:
  path: "testpki/issue/testrole"
  type: "PKIJKS"
  pkiConfiguration:
    commonName: "localhost"
    ttl: "7m"
  jksConfiguration:
    password: "changeit"

Now you should see the Vault resource in Kubernetes and the newly generated secret:

$ kubectl get vault test-pkijks
NAME          AGE
test-pkijks   8d
$ kubectl get secret test-pkijks
NAME          TYPE      DATA      AGE
test-pkijks   Opaque    1         8d

The Java Key Store is saved by default in the key.jks field. It's possible to change the field via the jksConfiguration Object:

jksConfiguration

jksConfiguration:
  password: "changeit"
  alias: "main"
  keyName: "key.jks"

The field password defines the password that's used to secure the Key Store. The alias is for defining the name of the TLS-Certificate in the Key store and the key name is for specifying the save path in the secret.

Change Adjustment Callback

For more details please see Change Detection!

Previous
Secret Type - PKI
Next
Secret Type - CERT
Last updated 8 months ago
Contents
How TO
jksConfiguration
Change Adjustment Callback