akka / akka-grpc

A platform to build and run apps that are elastic, agile, and resilient. SDK, libraries, and hosted environments.
https://doc.akka.io/libraries/akka-grpc/current/

add something about rotating cert for mTLS #1971

Open johanandren opened 2 months ago

johanandren commented 2 months ago

In the Akka HTTP docs we have https://doc.akka.io/docs/akka-http/current/server-side/server-https-support.html#rotating-certificates showing how to create an HttpsConnectionContext with cert rotation, but it might not be obvious how to find and set that up. We should either link to that from the mTLS docs page or show an example here as well.

patriknw commented 2 months ago

This isn't only about docs. Something is missing for a client with rotating certs. We have:

GrpcClientSettings
  .connectToServiceAt(host, port)
  .withSslContext(sslContext)

That sslContext instance is reading the certs when created, so it will not be refreshed for new connections.

We are missing something like:

withRefreshingSslContext(creator: () => SSLContext)

that can be used together with SSLContextFactory.refreshingSSLContextProvider.

(how to implement this is a more difficult question)
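
The difference between a captured `SSLContext` and a `() => SSLContext` creator discussed above, as an added example that is not part of this thread and not Akka gRPC or Akka HTTP code. It uses only JDK APIs; `RotatingMtlsExample`, `loadContext`, `refreshing`, the PKCS12 paths and the password are hypothetical, and wiring the provider into `GrpcClientSettings` is the part the issue says is still missing.

```scala
import java.nio.file.{Files, Path, Paths}
import java.security.KeyStore
import java.util.concurrent.atomic.AtomicReference
import javax.net.ssl.{KeyManagerFactory, SSLContext, TrustManagerFactory}
import scala.concurrent.duration._
import scala.util.control.NonFatal

object RotatingMtlsExample {
  // Reads both stores from disk on every call, so a rotated file is seen by the next rebuild.
  def loadContext(keyStore: Path, trustStore: Path, password: Array[Char]): SSLContext = {
    def load(path: Path): KeyStore = {
      val ks = KeyStore.getInstance("PKCS12")
      val in = Files.newInputStream(path)
      try ks.load(in, password) finally in.close()
      ks
    }
    val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(load(keyStore), password) // client certificate and private key
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    tmf.init(load(trustStore)) // CA certificates used to verify the server
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(kmf.getKeyManagers, tmf.getTrustManagers, null)
    ctx
  }
  private final case class Cached(context: SSLContext, expiresAt: Long)
  // Hypothetical helper: rebuilds the context once refreshAfter has elapsed instead of capturing it once.
  def refreshing(refreshAfter: FiniteDuration)(construct: () => SSLContext): () => SSLContext = {
    val cached = new AtomicReference[Option[Cached]](None)
    () => {
      val now = System.nanoTime()
      cached.get() match {
        case Some(c) if c.expiresAt - now > 0 => c.context // still fresh, reuse
        case previous =>
          try {
            val fresh = Cached(construct(), now + refreshAfter.toNanos)
            cached.set(Some(fresh)) // concurrent callers may both rebuild; last write wins
            fresh.context
          } catch {
            // A half-written file during rotation must not break new connections: reuse the old context.
            case NonFatal(e) => previous.map(_.context).getOrElse(throw e)
          }
      }
    }
  }
  // Constructed paths and password, for illustration only.
  val sslContextProvider: () => SSLContext = refreshing(5.minutes) { () =>
    loadContext(Paths.get("certs/client.p12"), Paths.get("certs/ca.p12"), "changeit".toCharArray)
  }
}
```

Calling `sslContextProvider()` per new connection picks up rotated files after at most `refreshAfter`; connections that are already established keep the credentials they negotiated with.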