How do I store and retrieve signing credentials for IdentityServer4 deployed to Kubernetes?

1/18/2020

I'm in the process of implementing IdentityServer4 into my ASP.NET Core web application, which will be deployed to a Kubernetes cluster using Continuous Deployment.

The documentation talks about adding signing credentials (AddSigningCredential) and most tutorials/guides demonstrate how to use this by loading a .pfx file from the file system, or by using the local certificate store and searching by the subject name.

Is there a commonly accepted way of storing, retrieving and rotating the signing credentials when deployed to a Kubernetes cluster with minimal intervention?

-- EoinAviation
asp.net-core
identityserver4
kubernetes

1 Answer

1/18/2020

I think using a secret is the best option in Kubernetes. K8s has a secret kind that can be deployed with other resources; here is a link to the official doc: https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/ Or you could also use another secret manager, like Vault. If I am not mistaken, I think it's the best practice.

-- Popopame
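The answer above points at a Kubernetes Secret but does not show how the application side consumes it, or how to rotate the key without invalidating tokens that are still in flight. The following is an added example written for this page, not code from the question, the answer, or the IdentityServer4 project. It assumes a Deployment that mounts a Secret as a volume at the directory named by `SIGNING_CERT_DIR` (containing `current.pfx` and, during a rotation, `previous.pfx`) and injects the PFX password through the `SIGNING_CERT_PASSWORD` environment variable via a `secretKeyRef`; the directory, file and variable names are hypothetical, and both PFX files are assumed to share one password. The current certificate is registered with `AddSigningCredential`, and the previous one with `AddValidationKey` so that tokens signed before the rollout keep validating until they expire. The loader fails fast at startup if the certificate is missing, has no private key, or is outside its validity window, which is the check you want a CD pipeline to surface immediately rather than as a confusing 401 later.

```csharp
// Startup.cs excerpt (added example; not the page's own code).
// Assumed Kubernetes wiring (hypothetical names):
//   - Secret "idsrv-signing" with keys current.pfx, previous.pfx (optional), password
//   - volume mount of that Secret at SIGNING_CERT_DIR
//   - env SIGNING_CERT_PASSWORD from secretKeyRef key "password"
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Default mount path used if SIGNING_CERT_DIR is not set (assumption, not an IdentityServer4 convention).
    private const string DefaultSigningDir = "/var/run/secrets/identityserver/signing";

    public void ConfigureServices(IServiceCollection services)
    {
        var signingDir = Environment.GetEnvironmentVariable("SIGNING_CERT_DIR") ?? DefaultSigningDir;
        var password = Environment.GetEnvironmentVariable("SIGNING_CERT_PASSWORD");
        if (string.IsNullOrEmpty(password))
        {
            // Refuse to start rather than silently fall back to a developer key.
            throw new InvalidOperationException("SIGNING_CERT_PASSWORD is not set; refusing to start without a signing key password.");
        }

        // The key that will sign newly issued tokens. Must have a private key and be currently valid.
        var current = LoadCertificate(Path.Combine(signingDir, "current.pfx"), password, forSigning: true);

        var builder = services.AddIdentityServer()
            .AddSigningCredential(current);

        // During a rotation the previous key is still needed to validate tokens that were
        // issued before the rollout. Only its public key matters, and it may be close to
        // or past expiry, so the validity window is not enforced for it.
        var previousPath = Path.Combine(signingDir, "previous.pfx");
        if (File.Exists(previousPath))
        {
            var previous = LoadCertificate(previousPath, password, forSigning: false);
            builder.AddValidationKey(previous);
        }

        // ... AddInMemoryClients / AddInMemoryApiResources / AddAspNetIdentity etc. go here.
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }

    // Loads a PFX from the mounted Secret and validates it before IdentityServer ever sees it.
    internal static X509Certificate2 LoadCertificate(string path, string password, bool forSigning)
    {
        if (!File.Exists(path))
        {
            throw new FileNotFoundException($"Signing certificate not found at '{path}'. Is the Secret volume mounted?", path);
        }

        // EphemeralKeySet keeps the private key in memory instead of persisting it to the
        // container's user profile key store (appropriate for Linux containers; assumption).
        var cert = new X509Certificate2(path, password, X509KeyStorageFlags.EphemeralKeySet);

        if (forSigning)
        {
            if (!cert.HasPrivateKey)
            {
                throw new InvalidOperationException($"Certificate '{cert.Thumbprint}' at '{path}' has no private key and cannot sign tokens.");
            }

            var now = DateTime.UtcNow;
            if (now < cert.NotBefore.ToUniversalTime() || now > cert.NotAfter.ToUniversalTime())
            {
                throw new InvalidOperationException(
                    $"Certificate '{cert.Thumbprint}' is outside its validity window ({cert.NotBefore:u} to {cert.NotAfter:u}).");
            }
        }

        return cert;
    }
}
```

Rotation with this layout is a two-step change to the Secret and a rolling restart each time: first copy the existing `current.pfx` to `previous.pfx` and write the new PFX as `current.pfx`, then, once every token signed by the old key has expired (its lifetime plus any refresh window), drop `previous.pfx`. Because clients fetch the keys from the discovery document, both keys appear there while the overlap is in place. Keep the PFX password and the PFX bytes in the same Secret so that a single RBAC rule governs who can read the signing material, and prefer a Secret projected as a volume over a base64 value in an environment variable, since volume contents are not exposed through `kubectl describe pod` or process listings.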
Source: StackOverflow