You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/09/20 14:12:45 UTC

[GitHub] [pulsar] one70six opened a new issue #5241: Pulsar Client - Allow TLS Certs to be loaded from memory

one70six opened a new issue #5241: Pulsar Client - Allow TLS Certs to be loaded from memory
URL: https://github.com/apache/pulsar/issues/5241
 
 
   Currently the Pulsar client allows for the use of TLS certificates to be loaded and passed to the brokers, but these certs have to exist on the file system where the Pulsar client resides.
   
   Example:
   ```java
   String clientCertPath = "./client1.cert.pem";
   String clientCertKeyPath = "./client1.key-pk8.pem";
   String tlsTrustCertsFilePath = "./ca.cert.pem";
   
   Map<String, String> authParams = new HashMap<>();
   authParams.put("tlsCertFile", clientCertPath);
   authParams.put("tlsKeyFile", clientCertKeyPath);
   
   PulsarClient client = PulsarClient.builder()
           .serviceUrl(SERVICE_URL)
           .tlsTrustCertsFilePath(tlsTrustCertsFilePath)
           .authentication(AuthenticationTls.class.getName(), authParams)
           .build();
   ```
   
   **Describe the solution you'd like**
   Allow the authentication portion of the client builder to accept strings from memory, as well as, file paths. This way you can:
   
   - utilize certificate vaults such as Pivotal Hashi-Vault to store your client certs
   - call the cert vault API to obtain the certs
   - pass them to the Pulsar client
   - and off you go!
   
   Today this model works by:
   - call the cert vault API to obtain the certs
   - create physical certs on the file system from the certs you now have in memory
   - load the physical certs from the file system into Pulsar client
   
   Allowing them to be loaded via memory would be more efficient when using certificate vaults.
   
   Thanks!
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services