Closed jprelph closed 4 years ago
Had a look into this and as @jprelph says the ca_chain
values are not written out. In our case we have two certs in this chain and we only get the root CA written out to file.
I have had a first stab at fixing this on my fork: https://github.com/UKHomeOffice/vault-sidekick/pull/93
Some questions about the solution
Other notes
ca_cert
is always an interface slice, the only other way I could think of was using reflection, but this is usually frowned upon. I looked at the vault code and it seems like this should always be a slice.
It would be useful when using the PKI backend if fmt=cert would also pull out the ca_chain as well as the existing crt, ca and key files.