quick question, is there a way to specify a passwo...
# fleetc
chrismsnz
02/09/2023, 10:39 PMquick question, is there a way to specify a password (ideally a FLEET_SERVER var) to unlock a tls private key for the fleet server? couldnt see anything in the docs about it
k
Kathy Satterlee
02/09/2023, 11:09 PMHi @chrismsnz. The short answer here is "no". I'm working on getting you a more detailed answer!
c
chrismsnz
02/09/2023, 11:12 PMthanks, i looked in the config and tls setup in the source and doesn't look like its a thing. I think i can work around it so don't expend too much effort 🙂
z
zwass
02/10/2023, 12:52 AM
Yeah, would advise just decrypting the key with openssl in your container or wherever the Fleet server is running before starting the server.
c
chrismsnz
02/10/2023, 12:54 AMthanks, yeah i was hoping to keep the dockerfile stock but looks like i'll have to customise it
z
zwass
02/10/2023, 12:56 AM
Or depending on your org policies, maybe you can decrypt the key and put it into your secret store so that it doesn't need a password?
c
chrismsnz
02/10/2023, 12:57 AMyeah only handles strings (which is where i was gonna keep the decrypt key), no worries mate thanks for your help
z
zwass
02/10/2023, 12:58 AM
Wait but you need to provide the cert as a PEM which is a string
c
chrismsnz
02/10/2023, 12:58 AMi need to provide the cert to fleet as a file, but the secret system im using sets env vars
chrismsnz
02/10/2023, 12:59 AMso i just need a custom echo $CERT > /tmp/crt.pem or whatever and configure fleet to look at it but just requires customising the docker
chrismsnz
02/10/2023, 1:00 AMor in place openssl decrypt or w/e
z
zwass
02/10/2023, 1:00 AM
Can you make your command something like
echo $CERT > /tmp/crt.pem && fleet serve ...zwass
02/10/2023, 1:00 AM
Not that it's really a big deal to build a custom container, but would be convenient to not need it.
c
chrismsnz
02/10/2023, 1:01 AMyeah i can manage the command outside the container so might just do that
chrismsnz
02/10/2023, 1:01 AMthanks mate
5 Views