caddytls: Expand ACME credentials#7554
Conversation
|
|
There was a problem hiding this comment.
Pull request overview
Enables use of global placeholders (e.g. {file./run/secrets/...}) in ACME issuer configuration so values like CA directory endpoints and EAB credentials can be sourced dynamically (e.g. from mounted secrets).
Changes:
- Expand placeholders in
ACMEIssuer.CAduring provisioning. - Expand placeholders in
ACMEIssuer.ExternalAccount(KeyID,MACKey) during provisioning.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Copilot's comments are good. And; Locally, the PR appears to be based on v2.11.2 rather than current master. It is missing Also, a quick question. Should |
This allows using global placeholders such as {file./run/secrets/key_id}
when setting up the tls configuration.
|
Thank you for the feedback @steadytao, I agree that TestCA should be expanded as well. I've rebased onto current master, redacted the mac key, added TestCA expansion and added a simple test for the fields added in this PR. Let me know if you have further comments. |
|
Thank you for the rebase. Looks much better, just did a quick gofmt, after that passes, happy to merge. |
This allows using global placeholders such as
{file./run/secrets/key_id}when setting up the tls configuration.The feature was also requested / discussed at https://caddy.community/t/illegal-base64-data-error-with-file-placeholder-for-eab-secrets/33343
Assistance Disclosure
Copilot was used to locate the file and function that this PR modifies.