Hello
I have a running forgeops cluster and need to import an internally signed certificate into the AM keystore (keystore.jceks). In a normal deployment of AM, I would just do the import / alias the certificate, but in a forgeops deployment, it looks like the am-keystore is referenced in the SecretAgentConfiguration forgerock-sac. I created a new secret for my custom certificate in the k8s secret store and added the “importkeypair” command to my am-keystore configuration, but on redeploy of the AM deployment, the keystore is not being updated. Does anyone have a configuration / guide on adding a custom SAML cert to a forgeops deployment?
forgerock-sac config / am-keystore
# this imports the custom cert for saml signing from different secret / keystore in the environment
- name: samlsigning
  cmd: importkeystore
  isKeyPair: true
  sourcePath: "saml-signing-cert/saml-signing"
cert / secret yaml configuration
apiVersion: v1
data:
  ca.pem: <base64 of ca pem file>
  saml-signing.pem: <remove base64 encoded pem cert>
  saml-signing-private.pem: <removed private base64 pem>
  saml-signing-combined.pem: <removed base 64 encoded cert>
kind: Secret
metadata:
  name: saml-signing-cert
  namespace: fr
Any guides / help you can give with this would be appreciated so I can get this cert loaded into my keystore.
Thanks
nick