ephemeris-lappis opened a new issue, #6432:
URL: https://github.com/apache/camel-k/issues/6432
### Requirement
Release 2.9.0 includes a new feature to set certificates into a custom JVM's
trust store.
First, the documentation mentions mounted resources (secrets) but the
implementation indeed needs mounted paths.
Next, real use cases involve setting more than one custom certificate. As
well, the original JVM's cacerts should be optionally integrated into the new
trust store. And, at last, to make things shorter, default passwords
("changeit" I think) may be used.
Here an example of a complete configuration in an integration with a
proposed syntax (entries names and structure may be obviously adapted to follow
camel-k usual ones).
```
traits:
mount:
resources:
- secret:ca1-secret@/ca/enterprise
- sectet:ca2-secret@/ca/partners
- secret:ca-passwords-secret@/ca/passwords
jvm:
cacerts:
certicates:
# perhaps the alias my be optional and a computed value my be used
- alias: corporate-ca
filePath: /ca/enterprise/company.crt
- alias: abc-ca
filePath: /ca/enterprise/application-abc.crt
- alias: xyz-ca
filePath: /ca/partners/partner-xyz.crt
# default value may be "changeit"
password: /ca/passwords/new.password
jdkCacertsCopy: true
# it seems to be possible to find it, but can be explicit
jdkCacertsPath: /opt/java/openjdk/lib/security/cacerts
# same default value
jdkCacertsPassword: /ca/passwords/jdk.password
```
Do you confirm that the trait is available the same way in integration
platforms to be applied to all dependent integrations ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
