
[Request for instructions] How to load the private and public keys of a certificate from the PKI Secret Backend, separately?

Open · chirangaalwis opened this issue 5 months ago · 1 comment

Description

$subject for the certificate resource (created using a Terraform resource type) needs to be performed in a Kubernetes cluster.

We are currently using the HashiCorp Vault CSI driver for Vault. We are unable to find any knowledge source containing instructions or spec definitions which help us perform $subject.

The following is an example we are currently using to load the public and private keys of a Certificate resource from Azure Key Vault.

apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: service-ingress-tls-secret
spec:
  secretObjects:
    - secretName: service-tls
      type: kubernetes.io/tls
      data:
        - objectName: ingress-tls-certificate
          key: tls.key
        - objectName: ingress-tls-certificate
          key: tls.crt
  parameters:
    objects: |
      array:
        - |
          objectName: ingress-tls-certificate
          objectType: secret
          objectVersion: "xxxxxxxxxxxxxxxx"

Even though the objectType referred here is secret, this is actually a Certificate resource at the Azure Key Vault end. When using the secret type, we can load the private and public key pair together.

Do we have a similar option when using HashiCorp Vault CSI provider?

chirangaalwis · Jun 11 '25 12:06
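As an added example (not from the issue author and not from the vault-csi-provider project's own documentation), here is the Vault CSI provider counterpart of the Azure SecretProviderClass above. It assumes a Kubernetes auth role named `service-ingress` and a KV v2 secret at `secret/data/service-ingress-tls` whose `certificate` and `private_key` fields hold a certificate that was previously issued by the PKI engine; the Vault address and all names are placeholders. The point it shows is that `secretKey` lets each object select one field of a single Vault response, so the two halves of one key pair can be mapped onto `tls.crt` and `tls.key` of a `kubernetes.io/tls` Secret.

```yaml
# Added example: Vault CSI provider counterpart of the Azure SecretProviderClass
# in the issue. Not taken from the issue or from the vault-csi-provider docs.
# Assumed names: Kubernetes auth role "service-ingress", KV v2 secret at
# secret/data/service-ingress-tls with fields "certificate" and "private_key"
# (populated from an earlier pki/issue response). The address is a placeholder.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: service-ingress-tls-secret
spec:
  provider: vault
  # Optional: also materialise the two files as a kubernetes.io/tls Secret so an
  # Ingress can reference it. This copies the private key into etcd; leave the
  # block out if the pod only needs the mounted files.
  secretObjects:
    - secretName: service-tls
      type: kubernetes.io/tls
      data:
        - objectName: tls.crt   # must equal an objectName in parameters.objects
          key: tls.crt
        - objectName: tls.key
          key: tls.key
  parameters:
    vaultAddress: "https://vault.example.internal:8200"   # placeholder
    roleName: "service-ingress"                            # assumed Kubernetes auth role
    objects: |
      # Each entry becomes one file under the mount path. secretKey selects a
      # single field of the Vault response, which is how one key pair is split
      # into the two files an Ingress expects.
      - objectName: "tls.crt"
        secretPath: "secret/data/service-ingress-tls"   # KV v2 data path, assumed
        secretKey: "certificate"
      - objectName: "tls.key"
        secretPath: "secret/data/service-ingress-tls"
        secretKey: "private_key"
        filePermission: 0600                             # key file readable by owner only
```

Why go through a KV secret instead of pointing both objects at `pki/issue/<role>` with `method: PUT`: as far as I can tell the provider fetches each entry in `objects` with its own request, and every call to `pki/issue` mints a fresh key pair, so two entries would yield a certificate and a private key that do not belong together. Issuing once (for example from the same Terraform run that creates the certificate) and storing the response's `certificate` and `private_key` fields under one KV path makes the two reads refer to the same key pair. If this is meant to feed an Ingress, the synced Secret is the thing to protect: restrict RBAC on `secrets` in that namespace and enable etcd encryption at rest, since the private key now exists outside Vault.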