netfoundry / ziti-k8s-agent

Apache License 2.0

login with identity config instead of separate cert/key #9

Open qrkourier opened 9 hours ago

qrkourier commented 9 hours ago

The ziti edge enroll command is the easiest way to obtain an admin client cert. This produces a Ziti identity configuration JSON file, which can be used by the Go SDK to log in like this: https://github.com/openziti/ziti/blob/v1.2.0/ziti/cmd/edge/login.go#L114

qrkourier commented 9 hours ago

I assume this will eliminate the step of running ziti ops unwrap to obtain the separate client cert and private key.

qrkourier commented 9 hours ago

Does NF_IDENTITY_PATH already do this?

qrkourier commented 5 hours ago

Now I see NF_ADMIN_IDENTITY_PATH is used two ways:

  1. the agent's login
  2. the demo's Postman login

The separate files are only necessary for the Postman demo, and I don't expect most users will use the demo. Most will proceed straight to deployment instructions.

Therefore, I think it's best to eliminate the dependency on jq by using the identity config JSON file created by ziti edge enroll directly in the Go SDK where we log in the agent to the mgmt API.
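
An added example, not part of the issue thread or the ziti-k8s-agent code: reading the identity config JSON directly with the Go standard library, so that no jq or `ziti ops unwrap` step is needed to obtain the client cert for the mgmt API. It assumes the file holds `ztAPI` plus `id.cert`, `id.key` and `id.ca` as inline `pem:` strings; `loadIdentity`, `sampleIdentity` and the controller URL are hypothetical names and constructed values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// loadIdentity assumes the file layout: ztAPI plus id.cert, id.key, id.ca as "pem:"-prefixed strings.
func loadIdentity(raw []byte) (string, *tls.Config, error) {
	var f struct{ ZtAPI string; ID struct{ Cert, Key, CA string } }
	if err := json.Unmarshal(raw, &f); err != nil {
		return "", nil, err
	}
	pemOf := func(v string) []byte { return []byte(strings.TrimPrefix(v, "pem:")) }
	pair, err := tls.X509KeyPair(pemOf(f.ID.Cert), pemOf(f.ID.Key))
	if err != nil {
		return "", nil, fmt.Errorf("id.cert/id.key: %w", err) // missing, not inline PEM, or mismatched
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(pemOf(f.ID.CA)) {
		return "", nil, fmt.Errorf("id.ca holds no certificates")
	}
	return f.ZtAPI, &tls.Config{Certificates: []tls.Certificate{pair}, RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// sampleIdentity returns a constructed identity file built around a throwaway self-signed cert.
func sampleIdentity() []byte {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k)
	kd, _ := x509.MarshalECPrivateKey(k)
	c := "pem:" + string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	p := "pem:" + string(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kd}))
	return []byte(fmt.Sprintf(`{"ztAPI":"https://ctrl.example.internal:1280","id":{"cert":%q,"key":%q,"ca":%q}}`, c, p, c))
}

func main() {
	url, cfg, err := loadIdentity(sampleIdentity())
	fmt.Println(url, cfg != nil, err)
}
```

The returned `*tls.Config` can be set as `TLSClientConfig` on the `http.Transport` of whatever client calls the mgmt API.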