rmbolger / Posh-ACME

PowerShell module and ACME client to create certificates from Let's Encrypt (or other ACME CA)
https://poshac.me/docs/latest/
MIT License

Integrate with SecretManagement module #365

Closed hbuckle closed 2 years ago

hbuckle commented 3 years ago

Would be great if this module could use SecretManagement to store account information and orders. This could also allow for running in stateless scenarios by using one of the remote SecretStore backends like Azure Keyvault. I'd be happy to work on a PR if you think it's a good idea?

rmbolger commented 3 years ago

Hey @hbuckle, thanks for the request. It's definitely on my list of things to implement. Though the model I was likely looking at initially would only store the AES key used to encrypt the local config rather than the entire config.

While I haven't tried it myself, it should theoretically be possible to run effectively stateless already. Everything needed to get an initial certificate with no prior config can be provided to New-PACertificate. And if you want to be able to store and re-use an existing ACME account without having to re-create it each time, Export-PAAccountKey can export the account key as a PEM file which you could store in KeyVault and then re-import via New-PAAccount -KeyFile.
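The export and re-import workflow described in the comment above, sketched with SecretManagement as the store. This is an added example, not code from the maintainer or the project; the vault name `AcmeVault`, the secret name `acme-account-key` and the two function names are assumptions, and a SecretManagement vault (for example one backed by Azure Key Vault) is assumed to be registered already.

```powershell
# Added example. 'AcmeVault' and 'acme-account-key' are hypothetical names.
Import-Module Posh-ACME
Import-Module Microsoft.PowerShell.SecretManagement

$VaultName  = 'AcmeVault'          # assumed: an already registered vault
$SecretName = 'acme-account-key'   # assumed secret name

function Save-AccountKeyToVault {
    # Run once on a machine where the ACME account is already the current account.
    $pem = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
    try {
        # Export the current account's private key as PEM.
        Export-PAAccountKey -OutputFile $pem -Force
        # Store the PEM text as a string secret in the vault.
        Set-Secret -Name $SecretName -Vault $VaultName -Secret (Get-Content $pem -Raw)
    }
    finally {
        # The PEM is an unencrypted private key; do not leave it on disk.
        Remove-Item $pem -Force -ErrorAction SilentlyContinue
    }
}

function Restore-AccountFromVault {
    # Run at the start of each stateless job, before New-PACertificate.
    $pem = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
    try {
        Get-Secret -Name $SecretName -Vault $VaultName -AsPlainText |
            Set-Content -Path $pem -NoNewline
        # Must be the same ACME server the key was registered with
        # (the staging server is used here only as an illustration).
        Set-PAServer LE_STAGE
        # Registering with an existing key re-attaches to the existing account.
        New-PAAccount -KeyFile $pem -AcceptTOS
    }
    finally {
        Remove-Item $pem -Force -ErrorAction SilentlyContinue
    }
}
```

The temporary PEM file exists in plain text for the duration of each call, so the temp directory should be readable only by the account running the job.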

rmbolger commented 2 years ago

This is now live in 4.11.0