Add -dev-tls-san flag (#22657)

* Add -dev-tls-san flag

This is helpful when setting up a dev server with TLS in Kubernetes, and in
any other situation where the dev server may not be on the same machine as
the Vault client (e.g. in combination with some /etc/hosts entries).

* Automatically add (best-effort only) -dev-listen-address host to extraSANs
Tom Proctor
2023-08-31 23:31:42 +01:00
committed by GitHub
parent 8da06f9b54
commit 87649219ff
6 changed files with 133 additions and 13 deletions


@@ -176,13 +176,13 @@ ui = true
}
// DevTLSConfig is a Config that is used for dev tls mode of Vault.
func DevTLSConfig(storageType, certDir string) (*Config, error) {
func DevTLSConfig(storageType, certDir string, extraSANs []string) (*Config, error) {
ca, err := GenerateCA()
if err != nil {
return nil, err
}
cert, key, err := GenerateCert(ca.Template, ca.Signer)
cert, key, err := generateCert(ca.Template, ca.Signer, extraSANs)
if err != nil {
return nil, err
}