rdhabalia opened a new pull request #6760: [pulsar-client] Add support to load tls certs/key dynamically from inputstream URL: https://github.com/apache/pulsar/pull/6760 ### Motivation Right now, Pulsar-client provides tls authentication support and default TLS provider `AuthenticationTls` expects file path of cert and key files. However, there are usescases where it will be difficult for user-applications to store certs/key file locally for tls authentication. eg: 1. Applications running on docker or K8s containers will not have certs at defined location and app uses KMS or various key-vault system whose API return streams of certs. 2. Operationally hard to manage key rotation in containers 3. Need to avoid storing key/trust store files on file system for stronger security Therefore, it's good to have mechanism in default `AuthenticationTls` provider to read certs from memory/stream without storing certs on file-system. ### Modification Add Stream support in `AuthenticationTls` to provide X509Certs and PrivateKey which also performs auto-refresh when stream changes in a given provider. ``` AuthenticationTls auth = new AuthenticationTls(certStreamProvider, keyStreamProvider); ``` It will be also address: #5241
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
