monostream / cert-manager-linode

a cert-manager webhook adapter for linode
MIT License

apiKeyRef #6

Open cameronclaero opened 1 year ago

cameronclaero commented 1 year ago

Hi there, would it be possible to add apiKeyRef, so that a secret can be passed in?

Thank you

restebanez commented 1 year ago

It'd be great to port the apiKeyRef implementation here. The current way to pass the Linode token is in plain text :(

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: webhook-linode-dns
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-linode-dns-key
    solvers:
    - dns01:
        webhook:
          solverName: linode
          groupName: acme.cluster.local
          config:
            apiKey: <linode-plain-text-token>

The previous way to pass it was:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: webhook-linode-dns
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com
    privateKeySecretRef:
      name: letsencrypt-linode-dns-key
    solvers:
    - dns01:
        webhook:
          solverName: linode
          groupName: acme.cluster.local
          config:
            apiKeySecretRef: # This doesn't work anymore
               name: dns-scoped-linode-token
               key: token

I've noticed that if you use the apiKeySecretRef way it will fail silently with this message:

find record example.net. _acme-challenge.example.net.
find domain example.net
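
One way a webhook solver could accept either form of the config shown in this thread and return an error instead of ignoring a key it does not support, as an added example that is not the project's own code. `solverConfig`, `SecretGetter` and `ResolveToken` are hypothetical names; only the `apiKey` and `apiKeySecretRef` (`name`, `key`) fields come from the manifests above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// solverConfig is a hypothetical type for this example, not the project's struct.
type solverConfig struct {
	APIKey          string `json:"apiKey"`
	APIKeySecretRef *struct {
		Name string `json:"name"`
		Key  string `json:"key"`
	} `json:"apiKeySecretRef"`
}

// SecretGetter is an assumed hook; a real webhook would back it with a Kubernetes client.
type SecretGetter func(namespace, name string) (map[string][]byte, error)

// ResolveToken returns the token named by the solver's raw JSON config, or an error.
func ResolveToken(raw []byte, ns string, get SecretGetter) (string, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // an unsupported key is an error, not a silent no-op
	var cfg solverConfig
	if err := dec.Decode(&cfg); err != nil {
		return "", fmt.Errorf("decode solver config: %w", err)
	}
	ref := cfg.APIKeySecretRef
	switch {
	case cfg.APIKey != "" && ref != nil:
		return "", fmt.Errorf("set either apiKey or apiKeySecretRef, not both")
	case cfg.APIKey != "":
		return cfg.APIKey, nil // inline token: still accepted, but stored in plain text
	case ref == nil || ref.Name == "" || ref.Key == "":
		return "", fmt.Errorf("apiKeySecretRef needs both name and key")
	}
	data, err := get(ns, ref.Name)
	if err != nil {
		return "", fmt.Errorf("get secret %s/%s: %w", ns, ref.Name, err)
	}
	if token := bytes.TrimSpace(data[ref.Key]); len(token) > 0 {
		return string(token), nil
	}
	return "", fmt.Errorf("secret %s/%s has no value under key %q", ns, ref.Name, ref.Key)
}

func main() { // constructed input: a misspelled key is reported instead of ignored
	fmt.Println(ResolveToken([]byte(`{"apiKeyRef":{"name":"n","key":"token"}}`), "cert-manager", nil))
}
```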