microsoft / service-fabric

Service Fabric is a distributed systems platform for packaging, deploying, and managing stateless and stateful distributed applications and containers at large scale.
https://docs.microsoft.com/en-us/azure/service-fabric/
MIT License

Export client certificate in a more portable format. #144

Open askew opened 6 years ago

askew commented 6 years ago

When SF creates a container-based service (using Windows containers), it automatically creates a client certificate and puts this in the following environment variables in the container.

The key is from code in CryptoUtility::GenerateExportableKey, which creates a base64 encoding of the data exported by the CryptoAPI function CryptExportKey. This can only be used by importing with the corresponding CryptImportKey function.

It would be far more useful if CryptoUtility::GenerateExportableKey made a call to CryptEncodeObjectEx to encode the key data in a standard RSA private key format. This way the certificate in the environment variables can be used in code other than native Windows C++.
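An added example, not part of the original issue or of the Service Fabric code base: the conversion the issue asks for, done on the consuming side in Python with only the standard library. It assumes the decoded value is an unencrypted RSA PRIVATEKEYBLOB as documented for CryptExportKey (the issue does not state the blob type); all function names are hypothetical.

```python
import base64
import struct

def _der_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _der_int(value):
    """DER INTEGER: big-endian, with a leading 0x00 when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(body)) + body

def parse_privatekeyblob(blob):
    """Return (n, e, d, p, q, dP, dQ, qInv) from a CryptoAPI RSA PRIVATEKEYBLOB."""
    if len(blob) < 20:
        raise ValueError("blob shorter than BLOBHEADER + RSAPUBKEY")
    # BLOBHEADER: bType, bVersion, reserved, aiKeyAlg; RSAPUBKEY: magic, bitlen, pubexp
    b_type, _ver, _res, _alg, magic, bitlen, e = struct.unpack_from("<BBHI4sII", blob)
    if b_type != 0x07 or magic != b"RSA2":
        raise ValueError("not an unencrypted RSA PRIVATEKEYBLOB")
    full, half = bitlen // 8, bitlen // 16
    if len(blob) < 20 + 2 * full + 5 * half:
        raise ValueError("truncated key material")
    # Field order in the blob; every integer is stored little-endian.
    sizes = (full, half, half, half, half, half, full)
    vals, off = [], 20
    for size in sizes:
        vals.append(int.from_bytes(blob[off:off + size], "little"))
        off += size
    n, p, q, dp, dq, qinv, d = vals
    if p * q != n:
        raise ValueError("modulus does not match primes; wrong or encrypted blob")
    return n, e, d, p, q, dp, dq, qinv

def blob_to_pkcs1_der(blob):
    """Encode the key as a PKCS#1 RSAPrivateKey SEQUENCE (version 0)."""
    body = b"".join(_der_int(v) for v in (0,) + parse_privatekeyblob(blob))
    return b"\x30" + _der_len(len(body)) + body

def env_value_to_pem(b64_blob):
    """base64 blob string (as held in the environment variable) -> PEM text."""
    b64 = base64.b64encode(blob_to_pkcs1_der(base64.b64decode(b64_blob))).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines, "-----END RSA PRIVATE KEY-----", ""])
```

The resulting PEM is key material in the clear, so keep it in memory or in a file readable only by the service account rather than writing it to logs.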

samedder commented 6 years ago

Thanks for reporting this, we're looking into what possible enhancements we can make in this area.

JustinKaffenberger commented 3 years ago

I've been researching the feasibility of writing more services in different languages, and utilizing the Service Fabric REST API within. The usability of these environment variables is crucial. Any updates on this @samedder or @craftyhouse? Not a huge priority, but these variables are hard to even find documentation on. Thanks!