This is probably more useful in curtin, but I could see it being useful in cloud-init as well.
I expect this is more useful in curtin long-term, since those deploying in an environment with its own PKI infrastructure will be the primary users of this feature.
Having this in cloud-init would be good in case the certificates are needed during commissioning (i.e. to reach a TLS-protected MAAS URL), but I see that as lower priority.
Bottom line: for us to consider adding this feature to MAAS, it will probably need to be available in curtin first.
This is probably more useful in curtin, but I could see it being useful in cloud-init as well.
I expect this is more useful in curtin long-term, since those deploying in an environment with its own PKI infrastructure will be the primary users of this feature.
Having this in cloud-init would be good in case the certificates are needed during commissioning (i.e. to reach a TLS-protected MAAS URL), but I see that as lower priority.
Bottom line: for us to consider adding this feature to MAAS, it will probably need to be available in curtin first.