pivotal/credhub-release

Referencing certs in deployment manifests.

ablease opened this issue · 1 comments

Hello. We're using v0.3.0 of the CLI and credhub version 0+dev.1478581416.

The credhub-bosh integration has been working great for storing passwords in credhub, and referencing them in deployment manifests using the double bracket syntax.

We are having some problems storing certificates, though. Currently we are trying to set a cert in credhub via the CLI and reference it in the manifest.

Set the credential:

$ credhub set -n bosh-director/our-deployment/metron-cert -t certificate -c /path/to/our/metron-cert.crt

Reference it in the manifest:

---
jobs:
- name: metron_agent
  release: loggregator
  properties:
    metron_agent:
      deployment: *name
      protocols:
         - tls
      tls:
        client_cert: ((metron-cert))

When we deploy, the value doesn't seem to have been interpolated properly. Instead, some JSON appears in the cert field rather than just the cert.
Current effect:

root@bosh-deployed-vm:~$ cat /var/vcap/jobs/metron_agent/config/certs/metron_agent.crt
{"ca"=>nil, "certificate"=>"-----BEGIN CERTIFICATE-----<this isn't what we want>\n-----END CERTIFICATE-----\n", "private_key"=>nil}

Desired effect:

root@bosh-deployed-vm:~$ cat /var/vcap/jobs/metron_agent/config/certs/metron_agent.crt
-----BEGIN CERTIFICATE-----
<all our good cert stuff>
-----END CERTIFICATE-----

Ah-ha. I'm not referencing the credential in my manifest correctly. Closing this.
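
The "current effect" output above is what a Ruby template prints when it is handed the whole certificate credential (a hash with `ca`, `certificate` and `private_key`) instead of one field. The following is an added example, not code from the issue or from the credhub/BOSH projects: it reproduces that rendering with a run-time generated (constructed) self-signed cert and classifies the rendered file, including the case where a populated `private_key` would land in the cert file. The function names `sample_credential`, `render` and `classify` are hypothetical.

```ruby
require 'erb'
require 'openssl'

# Constructed sample: a throwaway self-signed cert, wrapped in a hash with the
# same three keys that appear in the output quoted in the issue.
def sample_credential
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=metron.example')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  { 'ca' => nil, 'certificate' => cert.to_pem, 'private_key' => nil }
end

# Print a value through ERB, as a template writing a property to a file would.
# A Hash is stringified with Hash#to_s, which yields the {"ca"=>nil, ...} form.
def render(value)
  ERB.new('<%= value %>').result_with_hash(value: value)
end

# Classify the contents of a rendered certificate file.
def classify(text)
  # Key material must never end up in a file meant to hold only the cert.
  return :private_key_exposed if text.include?('PRIVATE KEY-----')

  OpenSSL::X509::Certificate.new(text)
  :pem_certificate
rescue OpenSSL::X509::CertificateError
  text.lstrip.start_with?('{') ? :serialized_object : :unparseable
end

if __FILE__ == $PROGRAM_NAME
  cred = sample_credential
  puts "whole object      -> #{classify(render(cred))}"
  puts "certificate field -> #{classify(render(cred['certificate']))}"
end
```

Running `classify` over rendered cert files after a deploy catches this misreference before a TLS client fails on it.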