Closed Cpcrook closed 2 years ago
Hi @Cpcrook, I think it makes sense to be able to configure those environment variables, but they will be different for AWS or GCP. I think it is probably better to add something very generic, like a YAML object in values where you can define custom environment variables to set, and then just toYAML to format them properly.
Your custom values.yaml can contain the environment variables to append after the default ones:
env:
  - name: FOO
    value: "BAR"
  - name: BAR
    value: "FOO"
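Added example, not part of the original thread or the chart's own code: a values.yaml using the generic `env` list suggested above to supply KMS credentials, with the secret pulled from a Kubernetes Secret instead of being written as a literal. The Secret name, key name, placeholder IDs, and the template fragment's location and indent are assumptions; the variable names are the ones read by the Azure SDK's environment credential and are assumed to apply to the Azure Key Vault case discussed here.

```yaml
# values.yaml (constructed example)
env:
  # Non-secret identifiers can be literal values.
  - name: AZURE_TENANT_ID
    value: "00000000-0000-0000-0000-000000000000"   # placeholder
  - name: AZURE_CLIENT_ID
    value: "11111111-1111-1111-1111-111111111111"   # placeholder
  # The credential itself is referenced from a Secret, so it never
  # appears in values.yaml, in the rendered manifest, or in the
  # Helm release history.
  - name: AZURE_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: step-ca-kms-credentials   # hypothetical Secret name
        key: client-secret              # hypothetical key

# Because the list is passed through unchanged, any valid Kubernetes
# EnvVar entry works (value, valueFrom.secretKeyRef, configMapKeyRef).
# Hypothetical container fragment in the chart template that appends
# the list after the default variables:
#
#         env:
#           - name: NAMESPACE
#             value: "{{ .Release.Namespace }}"
#           {{- with .Values.env }}
#           {{- toYaml . | nindent 12 }}
#           {{- end }}
```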
Makes sense to me! Will make the environment variable update @maraino. I'm going to leave ca.kms for setting KMS type.
I'll have an update to this PR later today.
Wanted to open this and get eyes on it. Certainly open to potential implementation changes, but tried to generalize the settings enough that it could be extended for use with other KMS platforms.
In short, this allows optionally specifying a KMS along with credentials. This was primarily focused around my use case (Azure KeyVault) and based on the docs here
Let me know what you think / any updates that could or should be made. Appears to be functional on my end, though I had to manually add the kms to ca.json in the values file generated by step ca --init locally and used to stand this up. I'll be opening a separate PR for that in the respective step-certificates repository.
Fixes/implements #91.