Currently, if the configuration is stored in Consul KV, the contents of the ACME JSON cert/keys are stored in the clear in the Consul KV store.
Given the sensitivity of the keys in this file, it would be great to have the option of sourcing the ACME config certs/keys from something like HashiCorp Vault instead.
Consul KVs can be secured via ACLs; however, people use various backup tools that can extract data out of Consul and throw it to disk etc. Regardless, having an encrypted store for ACME keys would be a great option.
Is this feature on the roadmap?
This would be so excellent! I run Vault anyway and I'd like to get HA + ACME working with it rather than spin up a whole Consul stack just for this. Especially if they're stored in the clear like @bitsofinfo says!
Any update/plan? This is still priority/P3 but it would be a super useful feature to have!