load certificate from file

[vhsantos]

Hello there,

We want to deploy webseal using the last certificate from sealed-secret, but for now, the only way that we found to make this is changing it directly on the From.js.

Do you know if it is possible one of this options:

• to load the public certificate from a file or maybe ?
• load the certificate remotely from sealed-secrets services (sealed-secrets-controller.kube-system:8080/v1/cert.pem) ?

Thanks and attentive.

[revolunet]

Hi vhsantos, missed your question, sorry.

Different possibilities :

You could use a build environment variable that contain your key, and rebuild+deploy webseal when necessary. Your CI could regularly rebuild the app with the latest cert, provided as env var at build time.

You cannot get the cert.pem client-side directly, because its hosted at another domain and the sealed-secret server doesnt expose CORS headers. This could be remediated with some nginx headers at the ingress level maybe.

Yet another way is to host the .pem somewhere and use fetch client-side to load it dynamically at runtime from the webseal UI