Path reference for certificates API #7262
oxygen0211
started this conversation in
Ideas and feature requests
Hi everyone,
I would like to open a discussion about adding support for certificate path references to Kong's certificates API or to get a hint on how the use case I would like to have it for is intended to be solved by Kong.
My situation is the following: We are running a clustered Kong installation on Kubernetes behind an ELB, aggregating several microservices. In our setup, Kong does SSL termination using Let's Encrypt certificates. Certificate refresh is done automatically by Kube cert manager which creates Kubernetes secrets that mount the Kong pods' file system, configuring Kong to use them via kong.conf. As of now, with reachability over a single domain, this is working very well.
However, we have now reached a point at which we are requested to support multiple domains and thus need to handle multiple certificates for Kong. In my opinion, using the certificates API and SNI would be the right way to achieve this, but as I see it, this would require us to post the certificate and key data - not only a reference - to the API, effectively forcing us to manually do this every time we have to issue a new certificate or spend time automating it (although we already have a working solution).
Am I missing some way to automatically update the files or to configure multiple certificates on file level? I have seen #2133 and it seems there is some degree of intent behind not supporting file references. What is the reasoning behind this?