shibayan / keyvault-acmebot

Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Service / Container Apps / App Gateway / Front Door / CDN / others)
Apache License 2.0
891 stars, 233 forks

feat: possibility of having multiple keyvault? #666

Open kewalaka opened 7 months ago

kewalaka commented 7 months ago

Thanks for this application, it is very useful! I have a request.

Is your feature request related to a problem? Please describe.

The current situation requires applications to have access to a common Key Vault, potentially then securing certificates with separate role assignments.

Separating secrets per-app and per-environment is recommended by Microsoft.

Describe the solution you'd like

It would be good if one instance of the keyvault-acmebot could support multiple keyvaults.

I've provided more thoughts in the context below.

Describe alternatives you've considered

Multiple keyvault-acmebot implementations.

Additional context

Here are some ideas for how this could be implemented.

From the dashboard, there would be a drop-down to switch between the different Key Vaults.

For issuing certificates, the API would default to the first Key Vault if none were specified, to avoid breaking changes. An optional parameter would allow another Key Vault to be specified.

The renewal logic would have to iterate over each of the Key Vaults.

The app configuration would require either an individual Key Vault URL or an array.

I think this would provide a centralised mechanism to view and renew certificates, whilst allowing each solution to keep a separate Key Vault.

I'm sure there are other things I have not thought about, but I wondered if there is interest in this?
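A sketch of the configuration and lookup parts of this proposal, as an added example that is not keyvault-acmebot's own code: the setting name `KeyVaults`, the `VaultSelection` class and the match-by-name-or-host rule are assumptions. It accepts a single URL or an array, defaults to the first vault when the API caller gives none, and only ever resolves to a vault that is actually configured, so the optional parameter cannot redirect a certificate to an arbitrary vault.

```csharp
// Added example, not keyvault-acmebot's code. Names and the setting shape are hypothetical.
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

public static class VaultSelection
{
    // Accepts either "https://one.vault.azure.net" (current single-vault setting)
    // or ["https://a.vault.azure.net", "https://b.vault.azure.net"], so existing
    // configuration keeps working unchanged.
    public static IReadOnlyList<Uri> ParseVaultSetting(string json)
    {
        using var doc = JsonDocument.Parse(json);
        var root = doc.RootElement;

        IEnumerable<string> raw = root.ValueKind switch
        {
            JsonValueKind.String => new[] { root.GetString()! },
            JsonValueKind.Array  => root.EnumerateArray().Select(e => e.GetString()!).ToList(),
            _ => throw new FormatException("KeyVaults must be a URL string or an array of URL strings")
        };

        var vaults = raw.Select(u => new Uri(u, UriKind.Absolute)).ToList();
        if (vaults.Count == 0)
            throw new FormatException("at least one Key Vault is required");
        // Vault endpoints are always HTTPS; anything else is a misconfiguration.
        if (vaults.Any(v => v.Scheme != Uri.UriSchemeHttps))
            throw new FormatException("Key Vault URLs must use https");
        return vaults;
    }

    // Picks the vault for an issue request. No parameter -> first configured vault
    // (no breaking change for current callers). A parameter is matched against the
    // configured list by vault name or host; an unknown value is rejected rather
    // than being treated as a URL, so the API cannot be used to target other vaults.
    public static Uri Resolve(IReadOnlyList<Uri> configured, string? requested)
    {
        if (string.IsNullOrWhiteSpace(requested))
            return configured[0];

        var match = configured.FirstOrDefault(v =>
            string.Equals(v.Host, requested, StringComparison.OrdinalIgnoreCase) ||
            string.Equals(v.Host.Split('.')[0], requested, StringComparison.OrdinalIgnoreCase));

        return match ?? throw new ArgumentException($"'{requested}' is not a configured Key Vault");
    }
}
```

The renewal job would simply loop over the list returned by `ParseVaultSetting` and run the existing per-vault logic for each entry.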