enarx / drawbridge

A Confidential Computing-Aware Workload Repository
Apache License 2.0

Inline certificates in config #217

Open rvolosatovs opened 2 years ago

rvolosatovs commented 2 years ago

It would be nice to have support for inlining certificates in config files.

From https://github.com/profianinc/drawbridge/issues/215#issuecomment-1164432897

rjzak commented 2 years ago

OpenVPN example:

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA256
tls-client
client
remote 1.2.3.4 443 tcp-client
auth-user-pass
remote-cert-tls server

# CA cert
<ca>
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
</ca>
# User cert signed by CA
<cert>
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
</cert>
# User private key
<key>
-----BEGIN PRIVATE KEY-----
MII...
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
# OpenVPN static key
-----BEGIN OpenVPN Static key V1-----
xyz123
-----END OpenVPN Static key V1-----
</tls-auth>
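
A small scanner for the inline-block layout shown in the example above, added here as an illustration; it is not drawbridge or OpenVPN code, and `parse_inline_blocks`, `holds_secret` and `SAMPLE` are hypothetical names with a constructed sample. It reports which PEM objects each block carries and flags configs that inline secret material, since such a file then needs the same protection as a key file.

```rust
// Added illustration (hypothetical names): scan OpenVPN-style <tag> ... </tag> inline blocks.
type Block = (String, Vec<String>); // (tag, labels of the PEM objects inside)

fn parse_inline_blocks(cfg: &str) -> Result<Vec<Block>, String> {
    let mut blocks = Vec::new();
    let mut open: Option<Block> = None; // block being read
    let mut pem: Option<String> = None; // label of the PEM object being read
    for (i, raw) in cfg.lines().enumerate() {
        let (n, line) = (i + 1, raw.trim());
        if let Some(l) = line.strip_prefix("-----BEGIN ").and_then(|s| s.strip_suffix("-----")) {
            if open.is_none() || pem.is_some() {
                return Err(format!("line {}: unexpected PEM BEGIN", n));
            }
            pem = Some(l.to_string());
        } else if let Some(l) = line.strip_prefix("-----END ").and_then(|s| s.strip_suffix("-----")) {
            match pem.take() {
                Some(b) if b.as_str() == l => open.as_mut().unwrap().1.push(b),
                _ => return Err(format!("line {}: END {} without matching BEGIN", n, l)),
            }
        } else if let Some(tag) = line.strip_prefix("</").and_then(|s| s.strip_suffix('>')) {
            match open.take() {
                Some(b) if b.0 == tag && pem.is_none() => blocks.push(b),
                _ => return Err(format!("line {}: unexpected </{}>", n, tag)),
            }
        } else if let Some(tag) = line.strip_prefix('<').and_then(|s| s.strip_suffix('>')) {
            if open.is_some() {
                return Err(format!("line {}: <{}> inside an open block", n, tag));
            }
            open = Some((tag.to_string(), Vec::new()));
        }
    }
    match open {
        Some(b) => Err(format!("unterminated <{}> block", b.0)),
        None => Ok(blocks),
    }
}

// True when a block inlines secret material, so the file must be handled like a key file.
fn holds_secret(blocks: &[Block]) -> bool {
    let mut labels = blocks.iter().flat_map(|b| b.1.iter());
    labels.any(|l| l.ends_with("PRIVATE KEY") || l.starts_with("OpenVPN Static key"))
}
// Constructed sample in the shape of the config above; bodies are placeholders.
const SAMPLE: &str = "client\n<ca>\n-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n</ca>\n<key>\n-----BEGIN PRIVATE KEY-----\nMII...\n-----END PRIVATE KEY-----\n</key>\n";

fn main() {
    let blocks = parse_inline_blocks(SAMPLE).expect("well-formed sample");
    println!("{:?}; secret material inline: {}", blocks, holds_secret(&blocks));
}
```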