
emit cert as Java KeyStore

Open aep opened this issue 1 year ago • 3 comments

Use case

Java requires using a "keystore" instead of just PEM-encoded certs, so we'll have to emit those from premain.

Describe your solution

https://github.com/pavlo-v-chernykh/keystore-go could be used to provide the necessary template func.

Something like:

"Marbles": {
        "javathing": {
            "Parameters": {
                "Files": {
                    "/app/keystore.jks": "{{ javaKeyStore .MarbleRun.MarbleCert.Cert }}",

aep, Jul 20 '22 14:07

I would prefer not to add language-specific encodings to the manifest. In my opinion, parsing files is something that should be left to the application itself.

If PEM is something your application does not handle well, you can also use raw to get the DER-encoded certificate, or hex to get the DER certificate hex-encoded. See the docs for more details.

Tagging @m1ghtym0 in case he has a different opinion.

daniel-weisse, Jul 21 '22 06:07

Yeah, that would be the ideal design, but the client insists on running applications unmodified using Gramine.

I think a workable path would be to have generic transformer plugins in premain, but unfortunately premain doesn't know which file is the certificate.

Another possible solution is to just downstream fork premain and hardcode this specific behavior, but other people using Java will have the same issue.

aep, Jul 21 '22 06:07

I agree with Daniel that ideally, encodings should be language-neutral. However, I see the problem here and it's just another encoding. IMO, that's not a big deal and we can have as many encodings as necessary, especially in hindsight of lift&shift. So, @aep please feel free to add JavaKeyStore as a file encoding.

m1ghtym0, Jul 21 '22 07:07
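
What a JavaKeyStore file encoding would have to produce for a single certificate, as an added example that is not taken from this thread, MarbleRun or keystore-go: it writes the JKS v2 container by hand with the Go standard library only. The function name follows the template proposed in the issue; the alias, password and sample certificate are constructed, and only a trusted-certificate entry is covered (a private-key entry needs JKS key protection, which is not shown).

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
	"unicode/utf16"
)

// javaKeyStore wraps one PEM certificate in a JKS v2 store as a trusted-certificate entry.
func javaKeyStore(certPEM []byte, alias, password string, created time.Time) ([]byte, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("input is not a PEM CERTIFICATE block")
	}
	var buf bytes.Buffer
	be := binary.BigEndian
	binary.Write(&buf, be, []uint32{0xFEEDFEED, 2, 1, 2}) // magic, version, entry count, tag 2 = trusted cert
	binary.Write(&buf, be, uint16(len(alias)))            // alias in Java writeUTF framing (ASCII assumed)
	buf.WriteString(alias)
	binary.Write(&buf, be, created.UnixMilli()) // creation date, ms since epoch
	buf.WriteString("\x00\x05X.509")            // certificate type, same framing
	binary.Write(&buf, be, uint32(len(block.Bytes)))
	buf.Write(block.Bytes) // DER certificate
	h := sha1.New()        // trailer: SHA-1(UTF-16BE password || "Mighty Aphrodite" || store bytes)
	binary.Write(h, be, utf16.Encode([]rune(password)))
	h.Write(append([]byte("Mighty Aphrodite"), buf.Bytes()...))
	return h.Sum(buf.Bytes()), nil
}

func constructedCertPEM() []byte { // throwaway self-signed certificate, sample input only
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	jks, err := javaKeyStore(constructedCertPEM(), "marble", "changeit", time.Now())
	fmt.Printf("%d bytes, magic %x, err=%v\n", len(jks), jks[:4], err)
}
```

The store password only keys the integrity trailer; a trusted-certificate entry is stored unencrypted, so the password adds no confidentiality here.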