suggestion: systemd integration

[udf2457]

It would be nice if the tool had integration with systemd to enable launch / reload via systemd.

Its saves sysadmins from "reinventing the wheel" and un-necessary DIY maintenance dependencies.

Also pretty much all third-party packages will install a systemd service. So that's more sysadmin work to remove the systemd service.

For example, PostgreSQL, install via official package. It installs a systemd service. All configuration (e.g. where to find SSL certs) is done in /etc/postgresql, so sysadmins don't need to touch the maintainer's systemd service. It would be good to point the /etc config at the spiffe certs location and spiffe-helper calls systemd.

[kfox1111]

There's a start of some here: https://github.com/spiffe/spire-examples/pull/64

Would be pretty easy to add spiffe-helper there too.

[udf2457]

Thanks for the pointer, will take a look.

I haven't reviewed it or tried it, but I do know from recently looking through their docs that smallstep use systemd service and timer templates: https://smallstep.com/docs/step-ca/renewal/#automated-renewal ... [email protected] [email protected] and then e.g. creating [email protected] and [email protected]

Whether that's simpler or more convoluted than your proposal I don't know... 😉