Skip to content

override fulcio server secret keys#501

Open
saisatishkarra wants to merge 1 commit into
sigstore:mainfrom
saisatishkarra:feat/fulcio-keys-override
Open

override fulcio server secret keys#501
saisatishkarra wants to merge 1 commit into
sigstore:mainfrom
saisatishkarra:feat/fulcio-keys-override

Conversation

@saisatishkarra

@saisatishkarra saisatishkarra commented Apr 5, 2023

Copy link
Copy Markdown
Contributor

Description of the change

  1. Override fulcio server secret keys to avoid duplicating the secrets generated in standard TLS format generated by tools like cert-manager
  2. Make the Private Key password as optional since not all secrets are generated to support it.

Existing or Associated Issue(s)

Fix to partially overcome: sigstore/scaffolding#546

Additional Information

Checklist

  • Chart version bumped in Chart.yaml according to semver. Where applicable, update and bump the versions in any associated umbrella chart
  • Variables are documented in the values.yaml and added to the README.md. The helm-docs utility can be used to generate the necessary content. Use helm-docs --dry-run to preview the content.
  • JSON Schema generated.
  • List tests pass for Chart using the Chart Testing tool and the ct lint command.

Signed-off-by: saisatish karra <saisatish.karra@konghq.com>
@Hayden-IO

Copy link
Copy Markdown
Contributor

Cc @vaikas

@cpanato cpanato left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this might be a breaking change, did you test this upgrade with an existing installation?

@saisatishkarra

Copy link
Copy Markdown
Contributor Author

@cpanato I haven't verified this change against the existing instance!! can you point me to docs to test it out?

@saisatishkarra

Copy link
Copy Markdown
Contributor Author

@haydentherapper @cpanato please update the next course of action items if any changes are to be made/tested against to move this forward.

@cmurphy

cmurphy commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

The change of the secret value a string to an object isn't backwards compatible. If this is still something you care about, could you rebase and look into creating a migration path that won't break existing deployments that override that secret value?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants