ca-certificates icon indicating copy to clipboard operation
ca-certificates copied to clipboard

Published 20 hours ago verified publisher icon paketo-buildpacks

Enable certs to be loaded from a remote resource

Open dmikusa opened this issue 3 years ago • 0 comments

At present, a binding must exist or a buildplan entry must exist to specify a cert that should be added. It would be helpful if certificates could be loaded remotely. Perhaps through a URL to either a certificate file or a zip of certificate files.

Unresolved questions:

  • are there security implications to consider loading them remotely?
  • do we need to take the expected sha256 hash of the cert, and validate before loading the remote cert?
  • do we use a binding to specify the URL or env variable?
  • do we need to support auth? (if that's the case, then we'd need to use a binding)

dmikusa avatar Feb 01 '22 16:02 dmikusa