Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: possibility of having multiple keyvault? #666

Open
kewalaka opened this issue Feb 11, 2024 · 0 comments
Open

feat: possibility of having multiple keyvault? #666

kewalaka opened this issue Feb 11, 2024 · 0 comments
Assignees
Labels
enhancement New feature or request

Comments

@kewalaka
Copy link

kewalaka commented Feb 11, 2024

Thanks for this application, it is very useful! I have a request.

Is your feature request related to a problem? Please describe.

The current situation requires applications to have access to a common Key Vault, potentially then securing certificates with separate role assignments.

Separating secrets per-app and per-environments is recommended by Microsoft.

Describe the solution you'd like

It would be good if one instance of the keyvault-acmebot could support multiple keyvaults.

I've provided more thoughts in the context below.

Describe alternatives you've considered

Multiple keyvault-acmebot implementations.

Additional context

Here are some ideas how this could be implemented.

From the dashboard, there would be a drop down to switch between the different Key Vaults

For issuing certificates, the API would default to the first Key Vault if none were specified, to avoid breaking changes. An optional parameter would allow another Key Vault to be specified.

The renewal logic would have to iterate over each of the Key Vaults.

The app configuration would require either an individual Key Vault URL or an array.

I think this would provide a centralised mechanism to view and renew certificates, whilst allowing each solution to keep a separate Key Vault.

I'm sure there are other things I have not thought about, but I wondered if there is interest in this?

@kewalaka kewalaka added the enhancement New feature or request label Feb 11, 2024
@shibayan shibayan added this to the Backlog milestone Feb 11, 2024
@shibayan shibayan modified the milestones: Backlog, v5.0.0 Release Mar 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants