Credential config for QA-connector, SC-2670

2025-02-19 15:09:38 +01:00 · 2025-02-19 15:09:38 +01:00 · 90493283f7
commit 90493283f7
parent 27606e9f71
2 changed files with 7 additions and 139 deletions
--- a/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml
+++ b/connector-qa-sto1-1.komreg.net/overlay/etc/hiera/data/local.eyaml
--- a/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb
+++ b/global/overlay/etc/puppet/modules/eid/templates/connector/application-qa.yml.erb
@ -60,32 +60,15 @@ management:

 credential:
  bundles:
-    keystore:
-      pkcs11-store:
-        type: PKCS11
-        provider: SunPKCS11
-        password: ${PKCS11_PIN}
-        pkcs11:
-          configuration-file: ${CONNECTOR_DIRECTORY}/credentials/pkcs11.cfg
-    jks:
+    pem:
      connector-sign:
        name: "Connector Signing Credential"
-        store-reference: pkcs11-store
-        key:
-          certificates: file:${CONNECTOR_DIRECTORY}/credentials/sign.crt
-          # The alias should be the name of the CKA_LABEL attribute
-          alias: sc_eidas_sign
-          key-password: ${PKCS11_PIN}
-        monitor: true
+        certificates: file:${CONNECTOR_DIRECTORY}/credentials/metadata.crt
+        private-key: file:${CONNECTOR_DIRECTORY}/credentials/metadata.key
      connector-encrypt:
        name: "Connector Encryption Credential"
-        store-reference: pkcs11-store
-        key:
-          # certificates: file:${CONNECTOR_DIRECTORY}/credentials/enc.crt
-          # The alias should be the name of the CKA_LABEL attribute
-          alias: sc_eidas_encrypt
-          key-password: ${PKCS11_PIN}
-        monitor: true
+        certificates: file:${CONNECTOR_DIRECTORY}/credentials/connector.crt
+        private-key: file:${CONNECTOR_DIRECTORY}/credentials/connector.key
    monitoring:
      enabled: true
      test-interval: 10m