You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
It is common to require TLS certs to be refreshed either periodically or on demand when previous certs, e.g. when secrets were leaked. Currently, a reboot is needed to pick up new certs in Pelikan-segcache. This means cert renewal gets in the way of upholding data availability.
Describe the solution you'd like
Many services that support TLS also support hot loading, which is the practice of (re-)loading certs and recreating the SSL context. Two general approaches can be considered: 1. periodic, on a timer predetermined at application start time; 2. on-demand, e.g. when a specific signal is received by the process. For feature parity with existing internal service, we should at least deliver 1.
Additional context
We should look at existing implementation when adding this feature to Pelikan.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
It is common to require TLS certs to be refreshed either periodically or on demand when previous certs, e.g. when secrets were leaked. Currently, a reboot is needed to pick up new certs in Pelikan-segcache. This means cert renewal gets in the way of upholding data availability.
Describe the solution you'd like
Many services that support TLS also support hot loading, which is the practice of (re-)loading certs and recreating the SSL context. Two general approaches can be considered: 1. periodic, on a timer predetermined at application start time; 2. on-demand, e.g. when a specific signal is received by the process. For feature parity with existing internal service, we should at least deliver 1.
Additional context
We should look at existing implementation when adding this feature to Pelikan.
The text was updated successfully, but these errors were encountered: