cloudflare/gokeyless

Manual activation should admit provisioning by configuration file or environment variable

jkroll-cf opened this issue · 4 comments

In setting up a keyless server with the new -manual-activation flag, one must be able to enter the hostname and API token into a prompt. This makes automation with scripts or deployment on a cluster challenging.

Manual activation requires manual action (copying a CSR, sending it to CF and saving the resulting certificate).

Either the resulting server cert/key pair should be deployed, or normal provisioning (via the certificateAPI) should be used (pre-creating a token.json and deploying that).

The scenario I'm thinking of, which I encountered, is deploying the keyless server in an environment where I'm not attached to provide the prompt answers but do want it to spit out a CSR for me to get signed manually. It should be possible to feed the prompts some other way in this case, such as with a flag, environment variable, or config file.

You could locally run gokeyless -manual-activation - get/sign the CSR - and
then COPY that key.pem and the resulting server.pem into your Docker image.

On Wed, Mar 23, 2016 at 10:25 AM jkroll-cf notifications@github.com wrote:

The scenario I'm thinking of, which I encountered, is deploying the
keyless server in an environment where I'm not attached to provide the
prompt answers but do want it to spit out a CSR for me to get signed
manually. It should be possible to feed the prompts some other way in this
case, such as with a flag, environment variable, or config file.



That's a good point - on reflection, I suppose there's not currently a need for this. However, having it would make the manual activation path more scriptable (although that's what the automated activation path is for).