vault-secrets-webhook
vault-secrets-webhook copied to clipboard
Consider adding WatchConfig and automatic reload for CA secrets
Preflight Checklist
- [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
- [X] I agree to follow the Code of Conduct.
Problem Description
When using cert-manager as CA provider for webhook in line https://github.com/bank-vaults/vault-secrets-webhook/blob/5c5715ab5c44f92136ebade5bb6118063b009275/main.go#L175 this CA is read but when CA rotates this require a rollout of the webhook deployment
Proposed Solution
Use the WatchConfig() in viper library to detect change in the file and reload vault-secrets-webhook
Alternatives Considered
No response
Additional Information
No response
Thanks for raising this @jansobczak! If you have some time to assist on this, would be quite helpful. Let us know so we can plan ahead.
Thank you for your contribution! This issue has been automatically marked as stale
because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale
label will be automatically removed.