fix: use existing priv key for certs renewal when using vault #286

Merged
adityajoshi12 merged 1 commit into hyperledger-bevel:main from adityajoshi12:channel-pki
Oct 23, 2025
@adityajoshi12
Contributor

What this PR does / why we need it:

When using Vault as a PKI, the current certificate reenrollment process uses the issue API to generate new certificates. However, this approach creates a completely new key pair (public and private keys) each time a certificate is renewed.

This change updates the reenrollment logic to instead use the sign API, which allows Vault to sign an existing CSR (Certificate Signing Request). This enables the system to reuse the existing private key while generating a new certificate.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?


Additional documentation, usage docs, etc.:


Signed-off-by: Aditya Joshi <adityaprakashjoshi1@gmail.com>
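
An added illustration of the sign-style renewal described above (not code from this PR or from the project): a throwaway local CA stands in for Vault's sign API, and the names `renew`, `renewTwice` and `peer0.example` are assumptions. It builds a CSR from one existing ECDSA key twice and checks that both certificates carry that key's public half while being distinct certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on error: enough for a self-contained demo
	if err != nil {
		panic(err)
	}
	return v
}

// tmpl builds a one-hour certificate template (constructed sample values).
func tmpl(serial int64, cn string, isCA bool) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: isCA, BasicConstraintsValid: true}
}

// renew builds a CSR from the existing key; the CA stand-in checks it and certifies its public key.
func renew(key, caKey *ecdsa.PrivateKey, ca *x509.Certificate, serial int64) *x509.Certificate {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "peer0.example"}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
	if err := csr.CheckSignature(); err != nil { // CA side: proof of possession of the key
		panic(err)
	}
	t := tmpl(serial, csr.Subject.CommonName, false)
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey))))
}

// renewTwice reports whether two renewals kept the existing key and yielded distinct certificates.
func renewTwice() (sameKey, newCert bool) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := tmpl(1, "example-ca", true) // self-signed CA, local stand-in for the PKI backend
	ca := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &caKey.PublicKey, caKey))))
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // the existing identity key
	c1, c2 := renew(key, caKey, ca, 2), renew(key, caKey, ca, 3)
	return key.PublicKey.Equal(c1.PublicKey) && key.PublicKey.Equal(c2.PublicKey), !c1.Equal(c2)
}

func main() {
	fmt.Println(renewTwice())
}
```

The private key never leaves the requester in this flow; the CA side only ever handles the CSR and the public key inside it.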
@dviejokfs
Contributor

Looks good to me

@adityajoshi12 adityajoshi12 merged commit 4bc5b4b into hyperledger-bevel:main Oct 23, 2025
3 checks passed
@adityajoshi12 adityajoshi12 deleted the channel-pki branch November 27, 2025 14:14