Extend the config files with files in drop-on folder

[flixman]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

I am very new to smallstep (2 days) but so far I like it very much.

Issue details

Would be possible to provide a way to extend/patch the ca.json config file based on static files (similar to the config.d/* folders)?

Why is this needed?

I have a setup based on a container, official step image, that I am trying to automate. After running step ca init I get a fully configured config/ca.json file... that I need to extend manually in case, e.g., I want to register x509 templates (or update it with other config options).

[hslatman]

Hey @flixman,

We currently don't support such a method of modular configuration, and it is unlikely that we'll add support for it. The main reason is that we want to keep the configuration as simple as possible.

Some parts of the configuration do support reading other parts from disk, specifically when it comes to certificate templates. Those can thus also be updated when necessary without changing ca.json, as long as the path to the template doesn't change.

One alternative for more dynamic configurations is remote management. It allows configuring provisioners separate from other parts of the CA configuration, with settings getting reloaded upon changes. It will require additional step commands to be executed, though.