one70six opened a new issue #5241: Pulsar Client - Allow TLS Certs to be loaded from memory URL: https://github.com/apache/pulsar/issues/5241 Currently the Pulsar client allows for the use of TLS certificates to be loaded and passed to the brokers, but these certs have to exist on the file system where the Pulsar client resides. Example: ```java String clientCertPath = "./client1.cert.pem"; String clientCertKeyPath = "./client1.key-pk8.pem"; String tlsTrustCertsFilePath = "./ca.cert.pem"; Map<String, String> authParams = new HashMap<>(); authParams.put("tlsCertFile", clientCertPath); authParams.put("tlsKeyFile", clientCertKeyPath); PulsarClient client = PulsarClient.builder() .serviceUrl(SERVICE_URL) .tlsTrustCertsFilePath(tlsTrustCertsFilePath) .authentication(AuthenticationTls.class.getName(), authParams) .build(); ``` **Describe the solution you'd like** Allow the authentication portion of the client builder to accept strings from memory, as well as, file paths. This way you can: - utilize certificate vaults such as Pivotal Hashi-Vault to store your client certs - call the cert vault API to obtain the certs - pass them to the Pulsar client - and off you go! Today this model works by: - call the cert vault API to obtain the certs - create physical certs on the file system from the certs you now have in memory - load the physical certs from the file system into Pulsar client Allowing them to be loaded via memory would be more efficient when using certificate vaults. Thanks!
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services