Description
Is your feature request related to a problem? Please describe.
We're using Azure Key Vault for storing our secrets and certificates.
Secrets such as passwords or keys work flawlessly, but certificates used for TLS seem to lack some functionality.
In Azure Key Vault, certificates can only be imported/generated containing both the public and private part of the certificate.
On the other hand, TLS certificates in Istio are defined in a configmap like this:
```yaml
apiVersion: v1
data:
  tls.crt: xxx
  tls.key: yyy
kind: Secret
metadata:
  name: somename-cert-ingress-tls
  namespace: istio-system
type: kubernetes.io/tls
```
It's not currently possible to split the certificate in the plugin into a public and a private part.
Describe the solution you'd like
We would like an additional modifier called something like regex, that would allow splitting a secret based on a regex. As an example, it could be something like this:
```
<path:itngdpakvdevkv00#somename-cert-ingress-tls-crt-key | regex `\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-.*?\-\-\-\-\-END CERTIFICATE\-\-\-\-\-`s | base64encode>
```
Describe alternatives you've considered
Perhaps a more direct way of splitting a certificate into a private and public part. E.g.
```
<path:itngdpakvdevkv00#somename-cert-ingress-tls-crt-key | splitcertificate | base64encode>
```
Additional context
Nothing more to add right now.
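
One way the split requested above could work, as an added Go example that is not code from the plugin or from this issue: it parses the PEM blocks instead of matching a regex, so every certificate in a chain lands in `tls.crt` and the private key can never end up there. The name `splitPEMBundle` is hypothetical and the sample bundle is constructed, with placeholder bodies instead of real key material.

```go
package main

import (
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// samplePEM is a constructed bundle; the bodies are placeholders, not key material.
const samplePEM = `-----BEGIN PRIVATE KEY-----
Y29uc3RydWN0ZWQta2V5
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtY3J0
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQtaW50
-----END CERTIFICATE-----
`

// splitPEMBundle (hypothetical name) returns base64 values for tls.crt and tls.key.
// It keeps every CERTIFICATE block in order and requires exactly one private key.
func splitPEMBundle(bundle []byte) (crt, key string, err error) {
	var certs, keys []byte
	nKeys := 0
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		switch {
		case block.Type == "CERTIFICATE":
			certs = append(certs, pem.EncodeToMemory(block)...)
		case strings.HasSuffix(block.Type, "PRIVATE KEY"):
			keys = append(keys, pem.EncodeToMemory(block)...)
			nKeys++
		}
	}
	if len(certs) == 0 || nKeys != 1 {
		return "", "", errors.New("need at least one certificate and exactly one private key")
	}
	return base64.StdEncoding.EncodeToString(certs), base64.StdEncoding.EncodeToString(keys), nil
}

func main() {
	crt, key, err := splitPEMBundle([]byte(samplePEM))
	if err != nil {
		panic(err)
	}
	fmt.Printf("tls.crt: %d base64 chars\ntls.key: %d base64 chars\n", len(crt), len(key))
}
```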