How can a self-signed cert on Azure KV be decoded?
Tomonori-YOSHIKAWA opened this issue · 3 comments
I am trying to pull out a self-signed certificate from Azure KV with the following example. But the ExternalSecret resource on my k8s cluster showed an error message as follows.
How does this work?
Hereunder is the log from the ExternalSecret resource:
status:
  conditions:
    - lastTransitionTime: '2021-11-24T05:19:27Z'
      message: >-
        could not apply template: could not execute template: unable to execute
        template at key tls.crt: unable to execute template at key tls.crt:
        template: tls.crt:1:14: executing "tls.crt" at : error
        calling pkcs12cert: unable to decode pkcs12 certificate with password:
        pkcs12: error reading P12 data: asn1: structure error: tags don't match
        (2 vs {class:0 tag:16 length:603 isCompound:true}) {optional:false
        explicit:false application:false private:false defaultValue:
        tag: stringType:0 timeType:0 set:false omitEmpty:false} int @4
      reason: SecretSyncedError
      status: 'False'
      type: Ready
  refreshTime: '2021-11-24T05:15:49Z'
  syncedResourceVersion: 34-dbb46c9f9713340488bc71ec40d1441a
Hereunder is the manifest I applied
apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: example-external-secret
  namespace: dev
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: cluster-secret-store
  target:
    name: secret-to-be-created
    template:
      type: kubernetes.io/tls
      data:
        tls.crt: "{{ .tlscert | pkcs12cert | pemCertificate }}"
        tls.key: "{{ .tlscert | pkcs12key | pemPrivateKey }}"
  data:
    - secretKey: tlscert
      remoteRef:
        key: cert/testtestcert
I am wondering if pkcs12certPass and pkcs12keyPass should be used instead of pkcs12cert and pkcs12key respectively.
But, if so, I do not find any usage examples showing how I can pass the password to these helper functions.
Any examples?
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.
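Added example, not part of the original issue or the external-secrets code: the ASN.1 error in the log above says that at byte offset 4 the decoder expected an INTEGER (tag 2, the PFX version field) but found a SEQUENCE (tag 16), which is how a DER X.509 certificate begins. The Go sketch below classifies a decoded blob by that first inner element so you can check what the remote key actually returned before piping it into pkcs12cert. The function names are hypothetical and both sample inputs are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// classifyDER inspects the first element inside the outer SEQUENCE ("int @4" in the log).
func classifyDER(der []byte) string {
	var outer, first asn1.RawValue
	if _, err := asn1.Unmarshal(der, &outer); err != nil || outer.Tag != asn1.TagSequence {
		return "not DER" // e.g. PEM text or still base64-encoded
	}
	if _, err := asn1.Unmarshal(outer.Bytes, &first); err != nil {
		return "not DER"
	}
	isInt := first.Class == asn1.ClassUniversal && first.Tag == asn1.TagInteger
	if isInt && len(first.Bytes) == 1 && first.Bytes[0] == 3 {
		return "pkcs12" // leading field matches PFX ::= SEQUENCE { version INTEGER (3), ... }
	}
	if _, err := x509.ParseCertificate(der); err == nil {
		return "x509" // Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }, no private key
	}
	return "unknown"
}

// sampleCertDER builds a throwaway self-signed certificate (constructed input).
func sampleCertDER() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return der
}

// samplePFXHeaderDER is a constructed stand-in carrying only the PFX leading field, not a real PKCS#12 file.
func samplePFXHeaderDER() []byte {
	der, _ := asn1.Marshal(struct{ Version int; Body []byte }{3, []byte("constructed")})
	return der
}

func main() {
	fmt.Println(classifyDER(sampleCertDER()), classifyDER(samplePFXHeaderDER()))
}
```

A result of "x509" means the value holds only the public certificate, so neither pkcs12cert nor pkcs12key can decode it, with or without a password.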