My LDAP server expects client certificates, which is not a problem, as I can supply them with tls_client_X in the config of the LDAP backend.
The problem is: how am I supposed to rotate the certificates? Vault itself generates those and I want to make them short-lived. But I can't update them after the fact because the password is required for the /config endpoint and I don't have that anymore after /rotate-root.
In general, it would be way more convenient to be able to specify certificate files, so I can just use the regular way of Vault Agent to keep renewing the certificates.