hashicorp / vault-plugin-secrets-openldap

OpenLDAP secret engine for Vault
Mozilla Public License 2.0

How to rotate client certificate #19

Open jvanbruegge opened 3 years ago

jvanbruegge commented 3 years ago

My LDAP server expects client certificates, which is not a problem, as I can supply them with tls_client_X in the config of the LDAP backend.

The problem is how I am supposed to rotate the certificates. Vault itself generates those and I want to make them short-lived. But I can't update them after the fact, because the password is required for the /config endpoint and I don't have that any more after /rotate-root.

In general, it would be way more convenient to be able to specify certificate files, so I can just use the regular way of vault agent to keep renewing the certificates.

jvanbruegge commented 3 years ago

Closed by accident; still don't know how to rotate certificates.

jvanbruegge commented 3 years ago

If someone would give me a few pointers, I could also try to implement this myself.