akka / akka-grpc

Akka gRPC
https://doc.akka.io/docs/akka-grpc/

add something about rotating cert for mTLS #1971

Open johanandren opened 1 week ago

johanandren commented 1 week ago

In the Akka HTTP docs we have https://doc.akka.io/docs/akka-http/current/server-side/server-https-support.html#rotating-certificates showing how to create an HttpsConnectionContext with cert rotation, but it might not be obvious how to find and set that up. We should either link to that from the mTLS docs page or show an example here as well.

patriknw commented 1 week ago

This isn't only about docs. Something is missing for a client with rotating certs. We have:

GrpcClientSettings
  .connectToServiceAt(host, port)
  .withSslContext(sslContext)

That sslContext instance is reading the certs when created, so it will not be refreshed for new connections.

We are missing something like:

withRefreshingSslContext(creator: () => SSLContext)

that can be used together with SSLContextFactory.refreshingSSLContextProvider.

(how to implement this is a more difficult question)