Feature request: Revoke cert automatically when vault_pki_secret_backend_cert resource is destroyed.
#719
Comments
I was surprised to see that this wasn't the default behavior - one would assume if the cert was requested to be destroyed the equivalent action would be to revoke the cert. Can anyone from HashiCorp weigh in on this?
I got the same use case and I agree with the above posters - revoking the certificate should be the default behavior.
I have a similar use case where when deleting the certificate I have to assume a manual step to revoke the certificate. Please put some attention in this issue and let's see if we can find a workaround or a better implementation. Thanks in advance
Do maintainers think this is a good idea? I can raise a PR if needed.
I have been using Vault as PKI since this issue was opened (three instances, in fact) and still think this feature is important to have
I have to agree - I came here because I honestly couldn't believe that this was what a sane person would think was a good default. Perhaps - if there are scenarios where it is so, then an attribute to control whether the cert is killed in vault when it is killed in terraform would be a compromise (and it can even default to current behavior)
I have sent a pull request solving the feature request. As suggested by @donwoodruff, I added an argument in order to deactivate this (or activate, really I don't have any preference about the default value).
Hello,
I'm using Vault for my internal PKI, and the Terraform provider for Vault in order to manage my certificates as code.
When I destroy a resource of type vault_pki_secret_backend_cert, it is deleted from the Terraform state. But the certificate is going to still be valid.
I believe the certificate should be automatically revoked when a resource of type vault_pki_secret_backend_cert is destroyed, since revocation is the equivalent of "deleting a certificate" in a PKI.
Thank you,
Regards!
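An added example, not part of the original issue or the provider's code: one way to find certificates that Terraform has stopped tracking but Vault still honours, by comparing the state before and after an apply and building the matching PKI revoke requests. It assumes the version 4 JSON state layout and the resource's `backend` and `serial_number` attributes; the mount name, serials and the helper names are constructed for illustration.

```python
import json

CERT_TYPE = "vault_pki_secret_backend_cert"

def cert_instances(state):
    """Map resource address -> (backend, serial_number) for each cert in a v4 state file."""
    found = {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != CERT_TYPE:
            continue
        base = f"{res['module']}." if "module" in res else ""
        base += f"{res['type']}.{res['name']}"
        for inst in res.get("instances", []):
            key = inst.get("index_key")  # set for count / for_each instances
            addr = base if key is None else f"{base}[{json.dumps(key)}]"
            attrs = inst["attributes"]
            found[addr] = (attrs["backend"], attrs["serial_number"])
    return found

def pending_revocations(before, after):
    """Certs Terraform stopped tracking (destroyed or replaced) that Vault still honours."""
    # Compare by (mount, serial), not address, so a moved resource is not flagged
    # and a replaced one (same address, new serial) is.
    tracked = set(cert_instances(after).values())
    return [
        {"address": addr, "path": f"/v1/{backend}/revoke",
         "body": {"serial_number": serial}}
        for addr, (backend, serial) in sorted(cert_instances(before).items())
        if (backend, serial) not in tracked
    ]

def _cert(name, serial, key=None):
    # Constructed sample data: the mount name and serials are made up.
    inst = {"attributes": {"backend": "pki_int", "serial_number": serial}}
    if key is not None:
        inst["index_key"] = key
    return {"mode": "managed", "type": CERT_TYPE, "name": name, "instances": [inst]}

BEFORE = {"version": 4, "resources": [
    _cert("app", "aa:01", "web"), _cert("app", "aa:02", "api"), _cert("db", "aa:03")]}
# After the apply: app["api"] destroyed, db replaced (new serial), app["web"] untouched.
AFTER = {"version": 4, "resources": [
    _cert("app", "aa:01", "web"), _cert("db", "aa:04")]}

if __name__ == "__main__":
    for req in pending_revocations(BEFORE, AFTER):
        print("POST", req["path"], json.dumps(req["body"]), "#", req["address"])
```

Each returned entry corresponds to a `POST` to the mount's `revoke` endpoint with the listed `serial_number`; the script only reports what needs revoking and sends nothing itself.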