
Commit 23aa9c3

caddytls: Expand ACME credentials
This allows using global placeholders such as {file./run/secrets/key_id} when setting up the tls configuration.
1 parent ffb6ab0 commit 23aa9c3

1 file changed

Lines changed: 27 additions & 0 deletions


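--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -140,6 +140,33 @@ func (iss *ACMEIssuer) Provision(ctx caddy.Context) error {
 iss.Email = email
 }
 
+// expand CA endpoint, if non-empty
+if iss.CA != "" {
+ca, err := repl.ReplaceOrErr(iss.CA, true, true)
+if err != nil {
+return fmt.Errorf("expanding CA endpoint '%s': %v", iss.CA, err)
+}
+iss.CA = ca
+}
+
+// expand EAB credentials, if non-empty
+if iss.ExternalAccount != nil {
+if iss.ExternalAccount.KeyID != "" {
+keyID, err := repl.ReplaceOrErr(iss.ExternalAccount.KeyID, true, true)
+if err != nil {
+return fmt.Errorf("expanding EAB key ID '%s': %v", iss.ExternalAccount.KeyID, err)
+}
+iss.ExternalAccount.KeyID = keyID
+}
+if iss.ExternalAccount.MACKey != "" {
+macKey, err := repl.ReplaceOrErr(iss.ExternalAccount.MACKey, true, true)
+if err != nil {
+return fmt.Errorf("expanding EAB MAC key '%s': %v", iss.ExternalAccount.MACKey, err)
+}
+iss.ExternalAccount.MACKey = macKey
+}
+}
+
 // expand account key, if non-empty
 if iss.AccountKey != "" {
 accountKey, err := repl.ReplaceOrErr(iss.AccountKey, true, true)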
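Review bot: The error path for the EAB MAC key formats the configured value into the message (`'%s'` with `iss.ExternalAccount.MACKey`), so any secret material in that field is copied into the error that Provision returns, which presumably ends up in startup logs. In the common case the field holds only a placeholder, but a value that mixes literal key material with a placeholder that fails to resolve would be echoed verbatim; the same applies, with lower impact, to the key ID a few lines above. I would drop the value from the message and wrap the cause so callers can still inspect it: `return fmt.Errorf("expanding EAB MAC key: %w", err)`. Provision begins before and continues past this hunk, so whether the existing account-key branch below has the same pattern cannot be confirmed from here.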
