You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using CFSSL inside a docker container to sign leaf certificates. The container is configured with a CA, and provides a web API which uses CFSSL to sign CSRs.
The signed certificates inherit the not before/after dates from the CA. Currently this requires that the container write a config JSON file to disk on startup which contains the CA's not before/after dates.
I'm using CFSSL inside a docker container to sign leaf certificates. The container is configured with a CA, and provides a web API which uses CFSSL to sign CSRs.
The signed certificates inherit the not before/after dates from the CA. Currently this requires that the container write a config JSON file to disk on startup which contains the CA's not before/after dates.
{ "signing": { "default": { "not_before": "...", "expiry": "..." } } }Which is then used in CFSSL like so:
To improve container security I'd ideally like to run it atop a readonly filesystem, but writing the config file to disk prevents this.
Would it be possible to allow CFSSL to read the config file from an environment variable, similar to what is allowed for the
-caparameter?Or indeed any other method of setting the configuration values without writing to disk would work.
Thanks,
Nathan
The text was updated successfully, but these errors were encountered: