-
Notifications
You must be signed in to change notification settings - Fork 484
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Streamline proxy certificate upload flow #1922
Labels
3-high
priority denoting release-blocking issues
enhancement
New feature or request
security-services
Milestone
Comments
This was referenced Oct 15, 2019
We could just drop this feature entirely and use kong's config file to specify the certificates instead. That seems like it would be the least amount of maintenance |
tingyuz
added
geneva
security_audit
Track issues that are related to CVE/CVSS/CWE auditing etc
and removed
security
labels
Oct 18, 2019
bnevis-i
changed the title
Move proxy certificate upload to vault into separate executable
Streamline proxy certificate upload flow
Oct 19, 2019
bnevis-i
added
unscoped
Issues that are currently out of scope for all releases.
and removed
geneva
labels
Nov 20, 2019
This was referenced Nov 4, 2020
bnevis-i
removed
security_audit
Track issues that are related to CVE/CVSS/CWE auditing etc
unscoped
Issues that are currently out of scope for all releases.
labels
Nov 4, 2020
jim-wang-intel
added a commit
to jim-wang-intel/developer-scripts
that referenced
this issue
Dec 10, 2020
Add a new makefile target for compose-builder: upload-tls-cert This can be used to setup a bring-your-own (BYO) TLS certificate for Kong proxy server in an Edgex docker-compose stack Closes: edgexfoundry/edgex-go#1926, edgexfoundry/edgex-go#1922 Signed-off-by: Jim Wang <[email protected]>
2 tasks
lenny-goodell
pushed a commit
to edgexfoundry/developer-scripts
that referenced
this issue
Dec 10, 2020
* feat(security): Add upload-tls-cert makefile target Add a new makefile target for compose-builder: upload-tls-cert This can be used to setup a bring-your-own (BYO) TLS certificate for Kong proxy server in an Edgex docker-compose stack Closes: edgexfoundry/edgex-go#1926, edgexfoundry/edgex-go#1922 Signed-off-by: Jim Wang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
3-high
priority denoting release-blocking issues
enhancement
New feature or request
security-services
🚀 Feature Request
Relevant Package
Affects security-secretstore-setup
Description
The existing security-secretstore-setup has inline code that uploads the proxy certificate into the secret store after initialization of the secret store. This coupling is unnecessary since the TLS certificate is created by an entirely separate tool (security-secrets-setup) that runs well-before security-secretstore-setup runs. In fact, there are multiple possible implementations of this logic:
The current implementation has very little to do with initializing the secret store other than requiring that the secret store is up, and thus the logic should be moved into its own utility.
The text was updated successfully, but these errors were encountered: