vault-secrets-webhook

Consider adding WatchConfig and automatic reload for CA secrets

Open jansobczak opened this issue 5 months ago • 2 comments

Preflight Checklist

  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • [X] I agree to follow the Code of Conduct.

Problem Description

When using cert-manager as the CA provider for the webhook, this CA is read in line https://github.com/bank-vaults/vault-secrets-webhook/blob/5c5715ab5c44f92136ebade5bb6118063b009275/main.go#L175, but when the CA rotates, this requires a rollout of the webhook deployment.

Proposed Solution

Use WatchConfig() in the viper library to detect changes in the file and reload vault-secrets-webhook.

Alternatives Considered

No response

Additional Information

No response

jansobczak, Jan 25 '24 12:01

Thanks for raising this @jansobczak! If you have some time to assist on this, it would be quite helpful. Let us know so we can plan ahead.

ramizpolic, Jan 30 '24 14:01

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

github-actions[bot], Mar 31 '24 00:03