hundreds-gpu-71155
03/25/2024, 4:54 PM
adventurous-butcher-54166
04/03/2024, 2:37 PM
• pulumi-azure-native for importing cert into Key Vault
• pulumi-azuread for creating a service principal with scoped permissions to only update an acme challenge TXT record for a given DNS zone
• pulumi-tls for generating the ACME account registration private key
• pulumi-random for creating a password for the PFX cert
• pyca/cryptography for converting the PEM cert to the x509-pkcs8 format which Azure services accept
One could argue these are too many dependencies but at least it works and I can issue certificates, set up SSL and custom domains in a single Pulumi run for downstream workloads.
Would love to have this streamlined.
hundreds-gpu-71155
04/03/2024, 3:03 PM
adventurous-butcher-54166
04/03/2024, 3:29 PM
_acme-challenge TXT records.
But at the same time we're putting a lot of trust into those with write access to all the libraries I mentioned above.
Might be contradicting myself here - I guess it's hard to have the cake and eat it too
hundreds-gpu-71155
04/03/2024, 3:30 PM
adventurous-butcher-54166
04/03/2024, 3:30 PM