hundreds-gpu-71155
03/25/2024, 4:54 PM
adventurous-butcher-54166
04/03/2024, 2:37 PM
• pulumi-azure-native for importing cert into Key Vault
• pulumi-azuread for creating a service principal with scoped permissions to only update an acme challenge TXT record for a given DNS zone
• pulumi-tls for generating the ACME account registration private key
• pulumi-random for creating a password for the PFX cert
• pyca/cryptography for converting the PEM cert to the x509-pkcs8 format which Azure services accept
One could argue these are too many dependencies but at least it works and I can issue certificates, set up SSL and custom domains in a single Pulumi run for downstream workloads.
Would love to have this streamlined.
hundreds-gpu-71155
04/03/2024, 3:03 PM
adventurous-butcher-54166
04/03/2024, 3:29 PM
_acme-challenge TXT records.
But at the same time we're putting a lot of trust into those with write access to all the libraries I mentioned above.
Might be contradicting myself here – I guess it's hard to have the cake and eat it too 😄
hundreds-gpu-71155
04/03/2024, 3:30 PM
adventurous-butcher-54166
04/03/2024, 3:30 PM