FoseFx opened a new issue, #11426:
URL: https://github.com/apache/apisix/issues/11426

   ### Description
   
   As a user, I want to use files to manage secrets, so that I can load SSL certificates from disk.
   
   As far as I can tell, currently, only [vault kv, and the environment](https://apisix.apache.org/docs/apisix/terminology/secret/) are supported secret stores.
   
   For large secrets, which may change on occasion, like SSL certificates and keys, I'd like to see `files//` secrets.
   
   ## Basic Proposal
   
   Simply use the content of the (absolute?) path provided, instead of, for example, `env`.
   
   ```diff
   ssls:
     - sni: localhost
   -    cert: $env://SSL_CERT_LOCALHOST"
   +    cert: $file:///etc/ssl/localhost.crt"
   -    key: "$env://SSL_KEY_LOCALHOST"
   +    cert: $file:///etc/ssl/localhost.key"
   ```
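Review bot: the last `+` line replaces `key:` with a second `cert:`, so the proposed entry ends up with two `cert` fields and no `key`; it should read `key:` with the `localhost.key` path. The quoting is also unbalanced: three of the four values end in `"` without an opening quote, so either add the opening `"` as on the `-    key:` line or drop the trailing one.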
   
   ### JSON
   
   Additionally, it makes sense to use the established syntax for `env` secrets to access subkeys, if the file contains JSON.
   
   `file:///secret.json/apiKey`
   
   
   ---
   
   ## Possible Roadblocks
   
   Permissions. Ideally, we want to ensure that whoever is able to configure a key must ensure they have the permissions to access the file.
   
   Please let me know if there is interest for this to come to APISIX, and if this seems like something an external contributor (me) could reasonably implement.
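
The proposal above, sketched as an added example in Python (not APISIX code, which is Lua, and not the issue author's): it resolves a `$file://` reference with an optional JSON subkey and confines reads to one directory, which is one way to address the permissions roadblock. The names `resolve_file_secret` and `allowed_dir`, the longest-file-prefix rule and the file-mode policy are assumptions.

```python
import json
import stat
import tempfile
from pathlib import Path

PREFIX = "$file://"


class SecretRefError(ValueError):
    """Raised when a reference is malformed, out of bounds, or unresolvable."""


def resolve_file_secret(ref: str, allowed_dir: str):
    """Resolve '$file:///abs/path[/json/sub/key]', confined to allowed_dir."""
    if not ref.startswith(PREFIX + "/"):
        raise SecretRefError("expected $file:// followed by an absolute path")
    parts = [p for p in ref[len(PREFIX):].split("/") if p]
    base = Path(allowed_dir).resolve()
    # The reference does not mark where the file path ends and the JSON subkey
    # begins, so take the longest prefix that is a regular file inside base.
    # resolve() collapses ".." and follows symlinks before the containment check.
    for cut in range(len(parts), 0, -1):
        target = Path("/", *parts[:cut]).resolve()
        if base in target.parents and target.is_file():
            break
    else:
        raise SecretRefError("no regular file under the allowed directory")
    # Assumed policy: refuse key material readable by group or others.
    if stat.S_IMODE(target.stat().st_mode) & 0o077:
        raise SecretRefError("file mode is too permissive")
    content = target.read_text()
    value = json.loads(content) if parts[cut:] else content
    for key in parts[cut:]:
        if not isinstance(value, dict) or key not in value:
            raise SecretRefError("JSON subkey not found")
        value = value[key]
    return value


if __name__ == "__main__":
    # Constructed sample file in a throwaway directory.
    with tempfile.TemporaryDirectory() as d:
        cert = Path(d, "localhost.crt")
        cert.write_text("-----BEGIN CERTIFICATE-----\n(constructed)\n")
        cert.chmod(0o600)
        print(resolve_file_secret(f"{PREFIX}{cert}", d))
```

Without the containment check, anyone able to set a `cert` or `key` value could read any file the gateway process can read, including through `..` segments or a symlink placed inside the secrets directory.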