Load server SSL/TLS certificates from database (or other dynamic source) #33142
-
|
We have a requirement to be able to change the TLS/SSL keystore and trust stores from the user interface. The trust stores are not a problem, but I can't find a way to get Quarkus to load the TLS keystore from a dynamic source. Ideally, I would like to register a "keystore producer" that can load the keystore with custom code. Then, I could load it from the database on startup. If it changes, the application can stop and rely on Kubernetes for a restart to pick up the new version. Is there a way to do this that I have missed? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 4 replies
-
|
/cc @Sgitario (kubernetes), @geoand (kubernetes), @iocanel (kubernetes) |
Beta Was this translation helpful? Give feedback.
-
|
I don't seem to be able to edit the labels, but this is not area/kubernetes but rather area/ssl or area/http. |
Beta Was this translation helpful? Give feedback.
-
|
I've just updated the labels. |
Beta Was this translation helpful? Give feedback.
-
|
Can |
Beta Was this translation helpful? Give feedback.
-
|
Sorry, this must be a server options one |
Beta Was this translation helpful? Give feedback.
-
|
Issue 30735 asks for a similar feature, but is open. |
Beta Was this translation helpful? Give feedback.
-
|
@erik-wramner, @cescoffier has added an option to customize Vert.x HTTP configuration with |
Beta Was this translation helpful? Give feedback.
-
|
That is exactly what we need, thanks. I'll give it a try. |
Beta Was this translation helpful? Give feedback.
@erik-wramner, @cescoffier has added an option to customize Vert.x HTTP configuration with
io.quarkus.vertx.http.HttpServerOptionsCustomizer, so you can register anApplicationScopedcustomizer, fetch the keystore data from the database etc (sorry I was not clear about it in the previous comment), can you try it ?@cescoffier Should we have #30735 resolved ?