Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for PKCS#12 archive format #205

Open
1 task done
detro opened this issue May 9, 2022 · 7 comments
Open
1 task done

Support for PKCS#12 archive format #205

detro opened this issue May 9, 2022 · 7 comments

Comments

@detro
Copy link
Contributor

detro commented May 9, 2022

Terraform CLI and Provider Versions

1.1.x

Use Cases or Problem Statement

PKCS#12 is a specification for a cryptographic archive format. Here are some useful links:

Support for this has been a long standing request, and contributors have provided some implementations or reporting:

Based on what's reported in issues and tickets, this would allow for better interoperability with other providers, like Azure.

The approaches range between having resources expose PKCS#12 as an additional Computed: attribute, sitting side by side with cert_pem or private_key_pem, or as an entirely new resource, where we can use the other resources/data-sources to create it.

Proposal

Create a PCKS#12 resource that allows to archive (with optional password) cryptographic objects.

Leverage the contributions listed above as inspiration, but considering the age of some PRs, it's unlikely a cherry pick will be possible.

NOTE: The exact implementation might still require some thought, as it might be more beneficial to instead export PKCS#12 archives as additional attributes. How exactly the implementation will look like might need to be delayed until this issue is addressed.

How much impact is this issue causing?

Low

Additional Information

Closes #29
Closes #36
Closes #69
Closes #70
Closes #119

Code of Conduct

  • I agree to follow this project's Code of Conduct
@chilicat
Copy link

Obsoletes https://github.com/chilicat/terraform-provider-pkcs12
Very welcome! :)

@jbg
Copy link

jbg commented Feb 24, 2023

It would be great to be able to produce somewhat arbitrary PKCS12 bundles, rather than being limited to getting a PKCS12 bundle containing a single certificate chain and/or private key.

Java >= 9 uses PKCS12 as its default trust store format (just a big archive of CA certificates). Currently there is no simple way to centrally manage these trust stores across many deployed Java applications using only Terraform providers, since there is no PKCS12 provider that supports providing an arbitrary list of certificates and no keys.

@h0nIg
Copy link

h0nIg commented May 26, 2023

ping @detro @bookshelfdave @ebekker @ @vancluever @zimbatm @digiwhite1980 @vadimkuznetsov @rajatrawat99 @elliotchaim @chilicat @troyready @Poil @slessardjr @easkay @holderbaum @dominik-lekse @ @draggeta @Leon99 @tombuildsstuff @MattMencel @apparentlymart @ @asc-adean @flokli @identifysun @mhaarbrink @ @marcmarcet @ @ankit-kumar-mck @ @Socolin @ @cicorias @jbg @tiwood @devlincashman @slessardjr

any update for this / any idea to push this forward? there is still nothing to be used out of the box (without workaround and without compiling something on my own)

@jbg
Copy link

jbg commented May 26, 2023

If there were updates, you'd see them in this ticket. If you're going to ping 30+ random people, at least have something to add… 🙄

@bendbennett
Copy link
Contributor

Hi @h0nIg 👋,
This PR is currently on-hold as our team's attention is currently elsewhere at the moment. Apologies for any inconvenience.

@jkroepke
Copy link

@bendbennett is there an ETA to continue work on this?

@clowa
Copy link

clowa commented Jun 15, 2024

+1 is there any current state of this feature request? Especially Azure depends a lot on pfx/ pkcs12 formatted certificate bundles.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

8 participants