Replies: 1 comment
-
Hi @mnapoleon,

Long story short, you have some options.

Using the self-signed certificate

The Connecting using HTTPS section links to the key store from this repository. It is inside the executable jar file of the container, so it would probably be harder to obtain from there.

Regarding the trust configuration

Assuming that you are using Java, this Gradle configuration is adding the necessary system properties to use the downloaded key store as trust store: https://github.com/nagyesta/lowkey-vault-example/blob/main/java-sdk/build.gradle#L58-L60

As a side-effect, the built-in CAs will not be trusted, because the key store contains only the self-signed certificate. To be able to use the default CAs and the self-signed cert as well, you can consider importing the self-signed certificate into your default trust store.

Caution: Importing a publicly available self-signed certificate into your default trust store may introduce security risks. You should prefer to use at least an application-specific copy of the key store to reduce the risk.

These steps might be helpful in case you are not that familiar with keytool: https://github.com/nagyesta/lowkey-vault/wiki/Importing-or-exporting-the-Lowkey-Vault-Self%E2%80%90Signed-certificate

Using your own certificate

You can use your own certificate as well. This might be more secure. Please read this page to see how you can provide your certificate using a volume and add the necessary configuration to use it: https://github.com/nagyesta/lowkey-vault/wiki/Example:-Using-a-custom-certificate-with-Lowkey-Vault

Please let me know how it went! Thank you!
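As an added example (not code from the Lowkey Vault project or from the reply above), one way to trust both the default CAs and the self-signed certificate without modifying the JVM-wide trust store is to merge them in memory and hand the result only to the client that talks to the test container. The class name `ScopedTrust`, the method name and the alias prefixes are hypothetical; the key store path and password are whatever you downloaded and are passed in by the caller. Java 9 or later is assumed.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class ScopedTrust {

    /** Returns an SSLContext trusting the JVM default CAs plus every certificate in the given key store. */
    public static SSLContext build(Path keyStorePath, char[] password) throws Exception {
        // In-memory trust store: nothing is written to the default cacerts file.
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);

        // 1. Copy the default CAs so that public endpoints keep validating.
        TrustManagerFactory defaults =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        defaults.init((KeyStore) null); // null selects the JVM default trust store
        int n = 0;
        for (TrustManager tm : defaults.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    merged.setCertificateEntry("default-" + n++, ca);
                }
            }
        }

        // 2. Add the certificates from the downloaded key store (type is auto-detected).
        KeyStore extra = KeyStore.getInstance(keyStorePath.toFile(), password);
        for (String alias : Collections.list(extra.aliases())) {
            Certificate cert = extra.getCertificate(alias);
            if (cert != null) {
                merged.setCertificateEntry("extra-" + alias, cert);
            }
        }

        // 3. Build a context that only the test client receives.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Only connections made through the returned context trust the extra certificate; every other connection in the JVM continues to use the default trust store.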
-
The docs here (https://github.com/nagyesta/lowkey-vault/wiki/Example:-How-can-you-use-Lowkey-Vault-in-your-tests#3-connecting-using-https) mention shipping with a self-signed cert and needing to trust that cert.
Where is this cert located (I'm running lowkey-vault from docker) and how do I go about trusting it on my local Mac laptop so an app I have that is attempting to connect doesn't complain about an invalid remote cert?