This repository has been archived by the owner on Mar 30, 2023. It is now read-only.

Add Support for Azure KeyVault stored certificates for SSL/TLS, maybe for sshPublicKey also #321

Open
RomasZekonis opened this issue Nov 12, 2019 · 4 comments

Comments

@RomasZekonis

No description provided.

@RomasZekonis RomasZekonis changed the title Add Support for Azure KeyVault stored certificates for SSL/TLS, maybe Add Support for Azure KeyVault stored certificates for SSL/TLS, maybe for sshPublicKey also Nov 12, 2019
@russcam
Contributor

russcam commented Dec 9, 2019

Can you please elaborate on what support for Azure KeyVault means for this issue? For example,

  1. Storing certificates in KeyVault?
  2. Pulling certificates locally when bootstrapping cluster?
  3. Periodically checking KeyVault, and taking some action when certificates have been rotated?

@RomasZekonis
Author

Hello

This is not an issue; it is more of a feature request. Sorry, maybe I have posted it in the wrong place.
I think having an option to bootstrap clusters with TLS certificates stored in KeyVault would be useful.
That would also open the way to rotate certificates more easily in production deployments, or make them auto-rotatable as in case 3).

Thank you

@russcam
Contributor

russcam commented Dec 10, 2019

@RomasZekonis this is the right place to discuss a feature request 🙂 I'm interested in understanding more about how you envision Azure KeyVault would be integrated with the ARM template offering, and the deployed Elastic Stack.

I could see Azure KeyVault being useful for the three points in #321 (comment).

As far as I know at the moment though, it's not possible to create a KeyVault and insert a certificate into it within an ARM template. The certificate might need to either already exist in KeyVault, and a secret passed to the template to retrieve it, or a certificate be supplied to the template, and inserted into KeyVault within the installation scripts. There's some complexity involved in both approaches.

@RomasZekonis
Author

Hello

I think one of the options is to pass the Certificate Identifier of an existing certificate in the KeyVault. We deploy Service Fabric cluster ARM templates the same way. If we deploy with an ARM template, the "Azure Resource Manager for template deployment" access policy of the KeyVault should be enabled.
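The pattern described in the two comments above (a certificate that already exists in KeyVault, retrieved by the deployment rather than pasted into the template) is what an ARM deployment parameters file with a KeyVault reference looks like. This is an added illustration, not code from this repository or its templates; the vault, resource group, subscription and secret names are placeholders, and the vault must have `enabledForTemplateDeployment` set to true (the "Azure Resource Manager for template deployment" access policy the comment mentions) or the reference is rejected at deployment time. The benefit from a security standpoint is that the certificate material never appears in the template or parameters file itself, so it is not logged in deployment history or committed to source control.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "esHttpsCertificate": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.KeyVault/vaults/<VAULT-NAME>"
        },
        "secretName": "<CERTIFICATE-SECRET-NAME>"
      }
    },
    "esHttpsCertificatePassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<SUBSCRIPTION-ID>/resourceGroups/<RESOURCE-GROUP>/providers/Microsoft.KeyVault/vaults/<VAULT-NAME>"
        },
        "secretName": "<CERTIFICATE-PASSWORD-SECRET-NAME>"
      }
    }
  }
}
```

The parameter names `esHttpsCertificate` and `esHttpsCertificatePassword` are assumed for the illustration and would have to match whatever the template actually declares as `securestring` parameters; omitting `secretVersion` resolves the latest version, which is what makes rotation a matter of updating the secret and redeploying.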
