Closed Kuruyia closed 8 months ago
Hello @Kuruyia!
Thanks for your all your submissions, we'll review them shortly. About your questions:
Would this also be useful for the JWT keypair?
Yes, absolutely. Feel free to add it if you want to this PR.
The gpgX keys (and by extension, the jwtX keys too) should be moved to their own sections, such as:
We are not very keen to modify the values as of now.
Hi, thanks for your reply!
I'll do another PR for the modifications on the JWT keypair, to avoid overloading this one.
This adds a new value,
gpgExistingSecret
, to allow providing an existing secret containing theserverkey.asc
andserverkey_private.asc
keys instead of generating those when installing the chart. My use case for this is migrating Passbolt from an old environment to Kubernetes, while keeping the contents of the database and the GPG keypair.When an existing GPG secret is supplied, the GPG keypair creation job does not run, and the GPG secret is not created by the chart.
Everything (?) has been modified to use the existing secret in place of the normally generated one if one was supplied.
Some ideas for the future:
gpgX
keys (and by extension, thejwtX
keys too) should be moved to their own sections, such as:jwt: path: /etc/passbolt/jwt existingSecret: "" forceKeyCreation: false serverPrivateKey: "" serverPublicKey: "" createJob: extraPodLabels: {}