Jabba needs to support loading and runtime update of X.509 certificate chains containing the SSL cert, intermediate certs and certificate authority details. It would be good to support at least one way to update these without having to restart the server, i.e. by pushing a config update.
How should we support loading of TLS certs?
Embed cert inside yml config
Allow the user to paste the certificate directly into the JSON/YAML config to be loaded during bootstrap. Config is currently loaded from disk but may also be applied via the configuration endpoint at runtime.
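One way the runtime update described above could work, as an added example that is not Jabba's code: a pushed PEM chain and key are validated first and only then swapped in atomically, so a bad update leaves the previous certificate serving. `CertStore`, `Update` and `selfSigned` are hypothetical names, the sample certificates are constructed in-process, and the choice of Go is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"sync/atomic"
	"time"
)

// CertStore holds the active cert (hypothetical type, not Jabba's API).
type CertStore struct{ cur atomic.Pointer[tls.Certificate] }

// Update validates a pasted PEM chain+key, then swaps atomically; on error the old cert stays.
func (s *CertStore) Update(chainPEM, keyPEM []byte) error {
	c, err := tls.X509KeyPair(chainPEM, keyPEM) // fails if key does not match leaf
	if err != nil {
		return fmt.Errorf("update rejected: %w", err)
	}
	leaf, err := x509.ParseCertificate(c.Certificate[0])
	if err != nil || time.Now().After(leaf.NotAfter) {
		return fmt.Errorf("update rejected: leaf unparsable or expired")
	}
	s.cur.Store(&c)
	return nil
}

// GetCertificate goes in tls.Config.GetCertificate; each new handshake reads the latest cert.
func (s *CertStore) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	return s.cur.Load(), nil
}

// selfSigned builds a constructed sample cert and key so the example runs offline.
func selfSigned(name string, notAfter time.Time) (chainPEM, keyPEM []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	kb, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kb})
}

func main() {
	fmt.Println(new(CertStore).Update(selfSigned("jabba.example", time.Now().Add(time.Hour))))
}
```

Existing connections keep the certificate they negotiated with; only handshakes that start after `Update` returns see the new one.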
Pros
Cons
Load separately from disk
This is what Nginx does.
Pros
Cons
Integrate with HashiCorp Vault
Access the certificate from a local or remote HashiCorp Vault instance (https://www.vaultproject.io/).
Pros
Cons
ACME client (RFC 8555), e.g. Let's Encrypt
Access and renew the certificate from an ACME-compatible provider such as Let's Encrypt.
Pros
Cons
Tasks