secretless-broker icon indicating copy to clipboard operation
secretless-broker copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Secretless configuration files support ssl configuration information

Open BradleyBoutcher opened this issue 4 years ago • 2 comments

We are proposing the following supported changes for the secretless yaml, which would allow for ssl configuration within the config subsection of a connector in secretless, as its placement in the credentials section is unclear.

Example:

version: 2

services:
  mssql:
    connector: mssql
    listenOn: 0.0.0.0
    credentials:
      username: foo      
      password: bar
      host: mssql
      port: 0
   config:
      sslmode: ...
      sslcert: ...

BradleyBoutcher avatar Apr 03 '20 16:04 BradleyBoutcher

this would be a backwards compatible alternative to providing the SSL config in the creds section?

also, at current the if the sslcert we'd specify the file provider with the path as the from - this is certainly cleaner, but it seems also a hidden requirement of this enhancement request that we'd also have to know that sslcert in the config would be retrieved from a file.

would we support also pasting in the SSL cert string into the yaml?

izgeri avatar Apr 03 '20 17:04 izgeri

Those are good questions. This came out of a conversation between myself and @doodlesbykumbi , who can probably answer better than myself. To clarify my example, we'd be moving all ssl configuration options to the config section, not just the sslcert.

I believe I misrepresented the idea initially. We just wanted to relocate the ssl related keys to the config subsection, but didn't want to change any other syntax related to the way values would be passed.

BradleyBoutcher avatar Apr 06 '20 20:04 BradleyBoutcher