[FEATURE] Enable Vault charm to issue PKI certificates

Bug #1878353 reported by Diko Parvanov
This bug affects 1 person
Affects: vault-charm
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Enable actions on the vault charm that issue PKI certificates using the PKI secrets engine: https://www.vaultproject.io/api-docs/secret/pki#generate-certificate and https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine

Frode Nordahl (fnordahl) wrote :

The charm already supports issuing certificates [0]. To understand your request, I would like more information.

0: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-certificate-management.html

Changed in vault-charm:
status: New → Incomplete
Diko Parvanov (dparv) wrote :

The request is to run the 'Generate Certificate' https://www.vaultproject.io/api-docs/secret/pki#generate-certificate and receive the certificate, issuing_ca, ca_chain, private_key with the generated or uploaded CA in the charm.

Diko Parvanov (dparv)
Changed in vault-charm:
status: Incomplete → New
Frode Nordahl (fnordahl) wrote :

How does your use case differ from what is already implemented in the charm and what prohibits you from using the existing functionality?

Changed in vault-charm:
status: New → Incomplete
Diko Parvanov (dparv) wrote :

The charm currently issues only a CSR that has to be manually signed by openssl with the CA. The certificates shouldn't be provided via relations, but exported as plain text, the same as the get-root-ca action.

Changed in vault-charm:
status: Incomplete → New
Frode Nordahl (fnordahl) wrote :

Thank you for your clarification. So in essence, you are requesting an action-based interface to what the charm already has implemented for the charms to use through the certificates relation.

I guess that is a valid request. Since this is a feature request for something not on our roadmap, I will triage this as wish-list.

Changed in vault-charm:
status: New → Triaged
importance: Undecided → Wishlist
Ksawery Dziekoński (ksdziekonski) wrote :

Potential duplicate of LP#1948837.
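
An illustration of the call requested in this report, added here and not taken from the vault charm or from anyone in the thread: it builds the PKI secrets engine's Generate Certificate request and stores the returned certificate, issuing_ca, ca_chain and private_key, keeping the key owner-only because Vault does not retain it. The Vault address, token, mount path and role name are placeholders, and the function names are hypothetical.

```python
import json
import os
import urllib.request

# Fields named in the report; ca_chain is treated as optional here.
REQUIRED = ("certificate", "issuing_ca", "private_key")

def build_issue_request(vault_addr, token, mount, role, common_name, ttl="24h"):
    """Build the POST for Vault's PKI 'Generate Certificate' endpoint."""
    url = f"{vault_addr.rstrip('/')}/v1/{mount}/issue/{role}"
    body = json.dumps({"common_name": common_name, "ttl": ttl}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"X-Vault-Token": token, "Content-Type": "application/json"},
    )

def _write(path, text, mode):
    # O_EXCL refuses to overwrite an existing file; the mode is applied at
    # creation, so the key is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(text.rstrip("\n") + "\n")

def store_bundle(response, directory):
    """Validate an issue response and write each part as <field>.pem."""
    data = response.get("data") or {}
    missing = [f for f in REQUIRED if not data.get(f)]
    if missing:
        raise ValueError("issue response lacks: " + ", ".join(missing))
    parts = {f: data[f] for f in REQUIRED}
    if data.get("ca_chain"):
        parts["ca_chain"] = "\n".join(data["ca_chain"])  # list of PEM strings
    paths = {}
    for name, pem in parts.items():
        paths[name] = os.path.join(directory, name + ".pem")
        # The private key is only returned once; store it owner-only.
        _write(paths[name], pem, 0o600 if name == "private_key" else 0o644)
    return paths

def issue(vault_addr, token, mount, role, common_name, directory):
    """Request a certificate from a reachable Vault and store the bundle."""
    req = build_issue_request(vault_addr, token, mount, role, common_name)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return store_bundle(json.load(resp), directory)
```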
