buildbarn / bb-storage

Storage daemon, capable of storing data for the Remote Execution protocol
Apache License 2.0

Support TLS Server/Client certificates read from a file, and refreshe… #149

Closed joeljeske closed 1 year ago

joeljeske commented 1 year ago

…d on an interval.

Incompatible Changes:

This change moves the existing {client,server}_certificate and {client,server}_private_key into {client,server}_key_pair.inline.certificate and {client,server}_key_pair.inline.private_key.

This change adds an alternate strategy for specifying certificates/private keys by using {client,server}_key_pair.files.certificate_path and {client,server}_key_pair.files.private_key_path, which should reference PEM files on disk. A refresh_interval must also be specified to dictate the interval at which the files should be read and used in place of the existing certificate/key if such files have been changed.

In Kubernetes, for example, this allows a side-car to rotate certificates based on the user's needs.
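
The file-based strategy described in the pull request text above, as an added Go example that is not code from this pull request or from bb-storage. The type, field and file names are hypothetical, and the one-minute sleep stands in for `refresh_interval`; it shows the case a periodic re-read has to survive, a rotation caught halfway with the certificate rewritten but the key not yet.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"log"
	"os"
	"sync/atomic"
	"time"
)

// keyPairReloader is a hypothetical helper, not bb-storage code.
type keyPairReloader struct {
	certPath, keyPath string
	parse             func(certPEM, keyPEM []byte) (tls.Certificate, error) // stubbable in tests
	lastCert, lastKey []byte                                                // file contents of the pair currently served
	current           atomic.Pointer[tls.Certificate]
}

// refresh swaps in the files' contents only if they changed and form a valid
// pair; on any error the previous pair keeps serving new handshakes.
func (r *keyPairReloader) refresh() error {
	certPEM, err := os.ReadFile(r.certPath)
	if err != nil {
		return err
	}
	keyPEM, err := os.ReadFile(r.keyPath)
	if err != nil || (bytes.Equal(certPEM, r.lastCert) && bytes.Equal(keyPEM, r.lastKey)) {
		return err // read failure, or nil because nothing changed
	}
	pair, err := r.parse(certPEM, keyPEM)
	if err != nil {
		return err // e.g. certificate rotated but key file not yet rewritten
	}
	r.lastCert, r.lastKey = certPEM, keyPEM
	r.current.Store(&pair)
	return nil
}

// getCertificate is meant to be set as tls.Config.GetCertificate.
func (r *keyPairReloader) getCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return r.current.Load(), nil
}

func main() {
	r := &keyPairReloader{certPath: "tls.crt", keyPath: "tls.key", parse: tls.X509KeyPair} // constructed paths
	for ; ; time.Sleep(time.Minute) { // the refresh interval
		log.Println("refresh:", r.refresh())
	}
}
```

The client side would use the analogous `tls.Config.GetClientCertificate` hook.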

joeljeske commented 1 year ago

Thanks Ed! Very helpful tips, I appreciate it. Changes are made! :)

joeljeske commented 1 year ago

Ah! So sorry, fixed now :)