Future usage of instance identity credentials
matthias.winzeler@...
Hi all
I was quite excited when I found out about instance identity credentials (https://docs.cloudfoundry.org/devguide/deploy-apps/instance-identity.html): Each app gets its own x509 keypair that can be used for mTLS - and it’s even rotated automatically! This looks like a powerful enabler for all kinds of future mTLS scenarios.
However, it looked like this keypair is currently limited to three use cases:
Why I’m interested in this:
But: the app does not notice when the keypair is rotated, causing the connection to break after the first rotation.
Are there any plans to add support (i.e. automatic watching and insertion) for other buildpacks so that CF_INSTANCE_CERT/CF_INSTANCE_KEY becomes a first-class resource for all kinds of apps?
If someone from the CredHub team is at CF Summit Basel next week, I’d be very happy to chat about this!
Best regards
Matthias

Matthias Winzeler
Application Cloud
https://developer.swisscom.com
matthias.winzeler@...
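An added example, not part of the original message and not Cloud Foundry or buildpack code: one way an app can pick up the rotated key pair itself, by re-reading the files before each new connection. It assumes CF_INSTANCE_CERT and CF_INSTANCE_KEY hold the paths of PEM files; `RotatingIdentity` and `build_client_context` are hypothetical names.

```python
import hashlib
import os
import ssl
import threading


def _fingerprint(*paths):
    """Hash the current contents of the credential files."""
    digest = hashlib.sha256()
    for path in paths:
        with open(path, "rb") as fh:
            digest.update(fh.read())
    return digest.hexdigest()


def build_client_context(cert_path, key_path):
    """Default factory: TLS client context presenting the instance identity."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


class RotatingIdentity:
    """Rebuilds the SSLContext whenever the key pair on disk changes."""

    def __init__(self, cert_path=None, key_path=None, factory=build_client_context):
        # Assumption: both variables hold paths to PEM files, as on a CF container.
        self.cert_path = cert_path or os.environ["CF_INSTANCE_CERT"]
        self.key_path = key_path or os.environ["CF_INSTANCE_KEY"]
        self._factory = factory
        self._lock = threading.Lock()
        self._seen = None
        self._ctx = None
        self.reloads = 0

    def context(self):
        """Call before opening each new mTLS connection."""
        with self._lock:
            try:
                current = _fingerprint(self.cert_path, self.key_path)
                if current != self._seen:
                    self._ctx = self._factory(self.cert_path, self.key_path)
                    self._seen = current
                    self.reloads += 1
            except (OSError, ssl.SSLError):
                # Mid-rotation (files half-written or mismatched): keep last good context.
                if self._ctx is None:
                    raise
            return self._ctx
```

Connections opened with an earlier context keep the old certificate until they are closed, so long-lived connections still need to be re-established before that certificate expires.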