apiKeyRef

[cameronclaero]

Hi there, would it be possible to add apiKeyRef, so that a secret can be passed in ?

Thank you

[restebanez]

It'd be great to port the apiKeyRef implementation here.
The current way to pass the Linode token is in plain text :(

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: webhook-linode-dns
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-linode-dns-key
    solvers:
    - dns01:
        webhook:
          solverName: linode
          groupName: acme.cluster.local
          config:
            apiKey: <linode-plain-text-token>

The previous way to pass it was:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: webhook-linode-dns
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-linode-dns-key
    solvers:
    - dns01:
        webhook:
          solverName: linode
          groupName: acme.cluster.local
          config:
            apiKeySecretRef: # This doesn't work anymore
               name: dns-scoped-linode-token
               key: token

I've noticed that if you use the apiKeySecretRef way it will fail silently with this message:

find record example.net. _acme-challenge.example.net.                                                                                                                                               
find domain example.net