Related to #1259
Consul Template version
I run a dev build version: 59fb4dd to have #1559 functionality
Configuration
key.tmpl
{{ with secret "pki/issue/example-dot-com" "common_name=test.example.com" "alt_names=localhost" "ip_sans=127.0.0.1" "ttl=7d" }}
{{ .Data.private_key }}
{{ end }}
cert.tmpl
{{ with secret "pki/issue/example-dot-com" "common_name=test.example.com" "alt_names=localhost" "ip_sans=127.0.0.1" "ttl=7d" }}
{{ .Data.certificate }}
{{ end }}
config.hcl
vault {
address = "http://127.0.0.1:8200"
renew_token = false
ssl {
enabled = false
}
}
template {
source = "key.tmpl"
destination = "key.pem"
}
template {
source = "cert.tmpl"
destination = "cert.pem"
}
Command
consul-template -config config.hcl
Expected behavior
Every time consul agent reloads, a new certificate and key pair is generated.
Actual behavior
From #1559, it looks like there is a way to generate the cert and cache it, but pkiCert doesn't return the private key, so there is no way to use it.
I tried to add an extra template, hoping that pkiCert would cache the cert and stop the secret template from running, but it looks like they are independent of each other.
{{ with pkiCert "pki/issue/example-dot-com" "common_name=test.example.com" "alt_names=localhost" "ip_sans=127.0.0.1" "ttl=7d" }}
{{ .Data.certificate }}
{{ end }}
So how could I achieve renewing the cert only when it needs to be renewed, and not when consul-template is reloaded?
Thanks.
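The decision the question asks for (re-issue only when the existing certificate is close to expiry, not on every reload) can be sketched as a check on the cert.pem already on disk. This is an added Go example, not consul-template's code or part of the original issue; `needsRenewal`, `sampleCert` and the 25% renewal fraction are assumptions, and the sample certificate is constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// needsRenewal reports whether the first certificate in pemBytes should be re-issued:
// true once less than `fraction` of its lifetime remains at `now`, or if it cannot be read.
func needsRenewal(pemBytes []byte, now time.Time, fraction float64) (bool, error) {
	for block, rest := pem.Decode(pemBytes); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // skip private keys or other PEM blocks in the same file
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return true, err // unreadable cert: treat as "issue a new one"
		}
		lifetime := cert.NotAfter.Sub(cert.NotBefore)
		renewAt := cert.NotAfter.Add(-time.Duration(float64(lifetime) * fraction))
		return !now.Before(renewAt), nil
	}
	return true, fmt.Errorf("no CERTIFICATE block found")
}

// sampleCert builds a constructed self-signed certificate (a stand-in for cert.pem).
func sampleCert(notBefore time.Time, ttl time.Duration) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore,
		NotAfter: notBefore.Add(ttl), Subject: pkix.Name{CommonName: "test.example.com"}}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	issued := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC) // constructed issue time
	certPEM := sampleCert(issued, 7*24*time.Hour)         // ttl=7d as in the templates
	for _, day := range []int{1, 6, 8} {
		renew, err := needsRenewal(certPEM, issued.AddDate(0, 0, day), 0.25)
		fmt.Printf("day %d: renew=%v err=%v\n", day, renew, err)
	}
}
```

With a 7-day TTL and a 0.25 fraction, the renewal point falls 42 hours before expiry, so a reload on day 1 keeps the existing pair while one on day 6 or later requests a new one.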