I am currently struggeling with the following tasks. I don't want to include my TLS certificates in my templates because

1. I don't want to check in credentials in code management while still checking in the templates

2. I am using multiple Applications with the same Certificate and I don't want to update repos just because I might distribute another certificate

Now my approach is this. I am using Jenkins for my build pipelines. I have a Repo that is used just for certificate management. It will run when updated and distribute the certificate and private key to Openshift Secrets on various clusters.

When running the Template of an application I am retrieving the Information from the secret and setting the values in the route. And here's where things get tricky. I can only use single line values because

1. Openshift templates will not accept multiline parameters with oc process
2. Secrets will not store multiline values

So the solution seemed to be easy. Just store the Certificate with \n and set it in the Route like this. However Openshift will not accept single line certificates resulting in the error

spec.tls.key: Invalid value: "redacted key data": tls: found a certificate rather than a key in the PEM for the private key

Now the solution could be to insert the Certificate as multiple lines directly in the template file before processing and applying it to the cluster but that seems a little bit hacky to me. So my Question is

How can you centrally manage TLS Certificates for your applications and set them correclty in the Templates you're applying?