Secret Type - PKIJKS
The PKIJKS-Type is the same as the PKI-Type. The only difference is that it converts the issued certificate into a Java Key Store.
How TO
How to generate a PKI is documented by HashiCorp in their Secrets Engine documentation. For a short simple example please see the How To section of PKi-Type.
After you have generated a PKI create the Vault resource in Kubernetes:
1
apiVersion: "koudingspawn.de/v1"
2
kind: Vault
3
metadata:
4
name: test-pkijks
5
spec:
6
path: "testpki/issue/testrole"
7
type: "PKIJKS"
8
pkiConfiguration:
9
commonName: "localhost"
10
ttl: "7m"
11
jksConfiguration:
12
password: "changeit"
Copied!
Now you should see the Vault resource in Kubernetes and the newly generated secret:
1
$ kubectl get vault test-pkijks
2
NAME AGE
3
test-pkijks 8d
Copied!
1
$ kubectl get secret test-pkijks
2
NAME TYPE DATA AGE
3
test-pkijks Opaque 1 8d
Copied!
The Java Key Store is saved by default in the key.jks field. It's possible to change the field via the jksConfiguration Object:
jksConfiguration
1
jksConfiguration:
2
password: "changeit"
3
alias: "main"
4
keyName: "key.jks"
Copied!
The field password defines the password that's used to secure the Key Store. The alias is for defining the name of the TLS-Certificate in the Key store and the key name is for specifying the save path in the secret.
Change Adjustment Callback
Last modified 1yr ago
Copy link