Ottomata has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/404706 )
Change subject: Update secrets/certificates with deployment-prep certs for TLS
Kafka
......................................................................
Update secrets/certificates with deployment-prep certs for TLS Kafka
Bug: T121561
Change-Id: I93e5325b6a2e78c4a62032a42c4e8f876853708c
---
M modules/secret/secrets/certificates/certificates.manifests.d/README
A
modules/secret/secrets/certificates/certificates.manifests.d/deployment_prep.certs.yaml
M
modules/secret/secrets/certificates/certificates.manifests.d/local_ca.certs.yaml
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/ca.crt.pem
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.crt.pem
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.csr.pem
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.private.pem
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.public.pem
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.jks
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.p12
A
modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/truststore.jks
A modules/secret/secrets/certificates/kafka_jumbo-eqiad_broker/README
A modules/secret/secrets/certificates/kafka_test/ca.crt.pem
A modules/secret/secrets/certificates/kafka_test/kafka_test.crt.pem
A modules/secret/secrets/certificates/kafka_test/kafka_test.csr.pem
A modules/secret/secrets/certificates/kafka_test/kafka_test.key.private.pem
A modules/secret/secrets/certificates/kafka_test/kafka_test.key.public.pem
A modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.jks
A modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.p12
A modules/secret/secrets/certificates/kafka_test/truststore.jks
A modules/secret/secrets/certificates/local_ca/ca.crt.pem
M modules/secret/secrets/certificates/local_ca/local_ca.crt.pem
M modules/secret/secrets/certificates/local_ca/local_ca.csr.pem
M modules/secret/secrets/certificates/local_ca/local_ca.key.private.pem
M modules/secret/secrets/certificates/local_ca/local_ca.key.public.pem
M modules/secret/secrets/certificates/local_ca/local_ca.keystore.jks
M modules/secret/secrets/certificates/local_ca/local_ca.keystore.p12
M modules/secret/secrets/certificates/local_ca/truststore.jks
A modules/secret/secrets/certificates/varnishkafka-deployment-prep/ca.crt.pem
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/truststore.jks
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.crt.pem
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.csr.pem
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.private.pem
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.public.pem
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.jks
A
modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.p12
A modules/secret/secrets/certificates/varnishkafka/README
A modules/secret/secrets/certificates/varnishkafka/ca.crt.pem
38 files changed, 375 insertions(+), 28 deletions(-)
Approvals:
Ottomata: Verified; Looks good to me, approved
diff --git
a/modules/secret/secrets/certificates/certificates.manifests.d/README
b/modules/secret/secrets/certificates/certificates.manifests.d/README
index b27fb4e..214476c 100644
--- a/modules/secret/secrets/certificates/certificates.manifests.d/README
+++ b/modules/secret/secrets/certificates/certificates.manifests.d/README
@@ -4,6 +4,23 @@
To generate these, use the cergen CLI like:
-cergen --base-path /srv/private/modules/secret/secrets/certificates --generate
+ cergen --base-path /srv/private/modules/secret/secrets/certificates
--generate \
/srv/private/modules/secret/secrets/certificates/certificate.manifests.d
+
+deployment-prep certificates are signed by the deployment-prep puppetmaster.
+To generate these, log into the deployment-prep puppetmaster and run:
+
+ KEYTOOL_BIN=/usr/lib/jvm/java-8-openjdk-amd64/bin/keytool cergen --base-path
/tmp/certificates --generate \
+
/var/lib/git/labs/private/modules/secret/secrets/certificates/certificate.manifests.d
+
+(NOTE: Java 7's keytool does not work with EC keys, so we set KEYTOOL_BIN to
Java 8's.
+This is necessary while puppetmaster is still jessie with default JRE as Java
7.)
+
+Then rsync the /tmp/certificates directory down into your local working copy
of labs-private:
+
+ rsync -av deployment-puppetmaster02.eqiad.wmflabs:/tmp/certificates/
./modules/secret/secrets/certificates/
+
+and commit the changes. Note that this commits the private keys to this
public repo.
+This should be fine, as this repo is intended to be a dummy for testing puppet
stuff in labs!
+
diff --git
a/modules/secret/secrets/certificates/certificates.manifests.d/deployment_prep.certs.yaml
b/modules/secret/secrets/certificates/certificates.manifests.d/deployment_prep.certs.yaml
new file mode 100644
index 0000000..af893e7
--- /dev/null
+++
b/modules/secret/secrets/certificates/certificates.manifests.d/deployment_prep.certs.yaml
@@ -0,0 +1,29 @@
+# This CA can be used in the deployment-prep Cloud VPS project
+# by the deployment-prep puppetmaster to sign certiifcates.
+deployment_prep_puppet_ca:
+ class_name: puppet
+ # If the deployment-prep puppetmaster changes,
+ # this will need to be changed too.
+ hostname: deployment-puppetmaster02.deployment-prep.eqiad.wmflabs
+
+kafka_jumbo-deployment-prep_broker:
+ authority: deployment_prep_puppet_ca
+ expiry: null
+ key:
+ password: qwerty
+ algorithm: ec
+
+varnishkafka-deployment-prep:
+ authority: deployment_prep_puppet_ca
+ expiry: null
+ key:
+ password: qwerty
+ algorithm: ec
+
+# Certificate to test Kafka clients and ACLs.
+kafka_test:
+ authority: deployment_prep_puppet_ca
+ expiry: null
+ key:
+ password: qwerty
+ algorithm: ec
diff --git
a/modules/secret/secrets/certificates/certificates.manifests.d/local_ca.certs.yaml
b/modules/secret/secrets/certificates/certificates.manifests.d/local_ca.certs.yaml
index 688af3a..696669a 100644
---
a/modules/secret/secrets/certificates/certificates.manifests.d/local_ca.certs.yaml
+++
b/modules/secret/secrets/certificates/certificates.manifests.d/local_ca.certs.yaml
@@ -1,4 +1,4 @@
-# This is a local self signed CA. It will be used to sign other certificates.
+# This is a local self signed CA. It can be used to sign other certificates.
local_ca:
is_authority: true
subject:
@@ -9,5 +9,7 @@
expiry: 36500
key:
password: qwerty
- algorithm: ec
+ # We choose RSA here so we can use the same algorithm
+ # that Puppet CA does.
+ algorithm: rsa
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/ca.crt.pem
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/ca.crt.pem
new file mode 100644
index 0000000..94fc1e6
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/ca.crt.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTYxMDMxMjA1NzI2WhcNMjExMDMxMjA1NzI2WjBN
+MUswSQYDVQQDDEJQdXBwZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIu
+ZGVwbG95bWVudC1wcmVwLmVxaWFkLndtZmxhYnMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCj7EjIftvCNetx3t8X3sYk7kGOrblN7CmuR3Xd2/TNCIjz
+x5+18qkFInULhHVh0VTf1xq0a/mT5f76EGtXQtIMAeRGb9XpKsRpX0PwPylfRwDe
+y+mKSF+i60VtyEPy05lTmWwfVTruunal/nG1lEIxMJ5EN+M5YqBYq2x5alLN4odO
+pWTDuyQg2XALA//thtgE5Pt+6vA4U3QeHapz74HlDK7Lve46E4RVbAKhLZ7y6j+R
++FffACuQ0oONjjWhUqkIK/xIieFbURxBBdpT33Nk0H7xBCe9b4LgOn6ncnhLdkv3
+rZzjGNSLS9iXqI/tOV/B5aB3uOeHHtv6XvWby7Jqj1mt9LRWp95A/BElgpx0E99I
+aJp6FEqxBRZGTfSI1WV1Jaup7jDP03VB6LNYuITLYMoFTaZpBsR4hWSoxO40zV52
+/MHLOKjlcWTrfRNl8C2+fbudpO5rBJQQnB3GQQYJhpIL9ghGB4SXU/9xQ/pp1XE6
+8y4k7xNEUcJ1c9q46Dy9PNpVLUxvJ2H1bPTvpp1Y2SS8oHR91T27ycatyxOK/LYz
+aKU9CkCPcGjlL0AheLO+wsuCnlAlfJggB4qub15VRaV7AahZuDI/c5aI1t3cpfSq
+GbscItGhUcCnUrGWv8HZWXXbaJcD4K0avB6dlmVYc4kdTKGS9LYz4vo39smqCwID
+AQABo4HbMIHYMDUGCWCGSAGG+EIBDQQoUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRl
+cm5hbCBDZXJ0aWZpY2F0ZTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUwombKeKOHsR4x6TOvuqVVOwmkgYwXwYDVR0jBFgwVqFRpE8w
+TTFLMEkGA1UEAwxCUHVwcGV0IENBOiBkZXBsb3ltZW50LXB1cHBldG1hc3RlcjAy
+LmRlcGxveW1lbnQtcHJlcC5lcWlhZC53bWZsYWJzggEBMA0GCSqGSIb3DQEBCwUA
+A4ICAQADgWeHkAnj9Uw9Bo184ckVQkxJlRxOffjaWMov+fu7DFAtJoeT3Hurd3GZ
+BDgKBnFf8Vy3ilISMj2wwoginJerGY1Befd5jH/gaXjzPNRLCk7zf8uQ9TZphfDV
+PCW1FPCgfrDqpuUN7WuLlbYln36xPsWGg/ctOGszI/Rzg7Jf27+D2pvbyYrWtybL
+g1v3B0zSRAp7atLAVG0LXay76iTk/WxFDreWF9nxDKtem5dSNs5KFCEwGa8m4MQR
+qf28Wsq/bSpXnvjo1nvKPT6sUuo2U1Bomnea/gMyujgu3zcIJDymOhbIiRnOOVdA
+xfROjiHT9BXr8eSWHORxpHa0C8l8+ua5JMY8iGekG5+9UASUsw1PNRDwLrxBH+02
+0UJg+CdUjuDVxijXPTVz1/oT5ZKs8vQNUmvA4HR1qBuRgayMPMiO848dqwJUT96m
+p8XkDYqGXpYpPgKfJTdchtEfEXXakbU+ZLDs0zIVZ9dml8FvG3PB8tQcGBVZI1jG
+0MkI1sOQ2eY+9dj2wYfzZtzAdp6T+V2Q2nRMfA6ifWgEfgfFC+754cJ/IrBjcKpW
+hV0+QqNse8iiVt1494Y+/shvHg7rx4jVjO4AkF9y9BPn6IhvxoNPEEKGaKpGtS8F
+G1BZyQregyCxUwfg/LfR4X6X/anXtq7T5sbpWzolkAGnxxQccA==
+-----END CERTIFICATE-----
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.crt.pem
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.crt.pem
new file mode 100644
index 0000000..9d3f6aa
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.crt.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID5zCCAc+gAwIBAgIBfjANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTgwMTE2MTYyNDQ5WhcNMjMwMTE2MTYyNDQ5WjAt
+MSswKQYDVQQDDCJrYWZrYV9qdW1iby1kZXBsb3ltZW50LXByZXBfYnJva2VyMFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+a9eW7O6yMwdeKNiPbCfI+asPMNBIF5Z
+fBr3jd9biCUHfS15MN3isZsoqoRA6iQeZNl+EUU0vCwvjNKJ8xI9LKOBvDCBuTA3
+BglghkgBhvhCAQ0EKgwoUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRlcm5hbCBDZXJ0
+aWZpY2F0ZTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRyPSJbEDsSDm1WKH7+xrlD
+ogeCbzAfBgNVHSMEGDAWgBTCiZsp4o4exHjHpM6+6pVU7CaSBjAOBgNVHQ8BAf8E
+BAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3
+DQEBCwUAA4ICAQBR/yvk+N/G9vLZwHyMSw6F+BdKpL3bSHOBYeslcuoJhYuQ1zJ7
+Xx3+Aw1iKKWMVS4tpknfbU3dIFWVqYZ8BWepkaDFkNsHwKAs+x5vW6Olq4T4SXbv
+hqbTJyJsxd+/VMpeP3AED1c7G/o6eeaAcEkDmT4sFo3a4grI0//GFoyADt33rpRH
+ws5f+gfcUq/PGlZ2IeOKIkWwamhAzc4ysQ8CPjzcy19W86+JXovzmh0OXt+imK5C
+F4DqBqQmYIo75+lt2jlMPCVkuId/ITlpxF8o9SDS7p+05H9A38Rnbmv03hssbesT
+fOpGr3DgOGCpJifanwKEHwUGBi7doAy2DQktG1Rniz/fmF/w+XaPPGtZ0H4XwsRS
+cIEnR66psITRfvcx/9IAdQy78f9TOhRT2BLgI4vJnEUG+fydPh7Yc87aPDn8hGIp
+TRh390aRtdanu6zu/2KxdltHpn+aupAyujzYf0aLFGopNVTQjYf96kAnVbJrD9io
+eN55cWMJlDPfRFbNMvTRsjIGMD+GPFPSr8em0kqsz/2sGNDMft2LqVVjMVpCjC1/
+VSN6w3RhzSie3fIbvt0as2I8mpJjaHmjrLCkLeuuRrOWmuYZMneWzx2JbxS9xIE5
+KgkTtPECvC/7vvXW8C7uoPNTL9uCWBzMs0OetaHrWNNaKHJyIJiNBRrF1Q==
+-----END CERTIFICATE-----
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.csr.pem
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.csr.pem
new file mode 100644
index 0000000..33da9e2
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBRzCB7gIBADAtMSswKQYDVQQDDCJrYWZrYV9qdW1iby1kZXBsb3ltZW50LXBy
+ZXBfYnJva2VyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+a9eW7O6yMwdeKNi
+PbCfI+asPMNBIF5ZfBr3jd9biCUHfS15MN3isZsoqoRA6iQeZNl+EUU0vCwvjNKJ
+8xI9LKBfMF0GCSqGSIb3DQEJDjFQME4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+cj0iWxA7Eg5tVih+/sa5Q6IHgm8wHwYDVR0jBBgwFoAUwombKeKOHsR4x6TOvuqV
+VOwmkgYwCgYIKoZIzj0EAwIDSAAwRQIhAOhyytwOPMLoCjzvUsGw8LN0EdzRquSM
+ZiqX8Hmio2GIAiBuCM5OgG3Mq2Knkhpu6pPAVXyfCrbYNvhIBHN0Ko45Mw==
+-----END CERTIFICATE REQUEST-----
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.private.pem
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.private.pem
new file mode 100644
index 0000000..fed2369
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.private.pem
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiqvn7sokvU5wICCAAw
+HQYJYIZIAWUDBAEqBBC9WeHMt9AOM081tRj9Kni8BIGQ4zj6OVRP5iBZxjUwhh1G
+zoXYBKWnKRXRfd8ffPHhO8/TAN146NhSmnq+d0h3mwnBFRsAJ54xI59a9VCo910m
+j0UoXe41uFcciaGjlw4nY5sWxAeMvbA9fezBQ6waFc8lCEsZdnCiQSPJrh4UWyGk
+8y2vE679/FQFsALokvczX2Tdi29IEcE9M5QegG/C2Alm
+-----END ENCRYPTED PRIVATE KEY-----
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.public.pem
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.public.pem
new file mode 100644
index 0000000..4091133
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.key.public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+a9eW7O6yMwdeKNiPbCfI+asPMNB
+IF5ZfBr3jd9biCUHfS15MN3isZsoqoRA6iQeZNl+EUU0vCwvjNKJ8xI9LA==
+-----END PUBLIC KEY-----
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.jks
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.jks
new file mode 100644
index 0000000..7d1308b
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.p12
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.p12
new file mode 100644
index 0000000..c4e3d0b
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/kafka_jumbo-deployment-prep_broker.keystore.p12
Binary files differ
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/truststore.jks
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/truststore.jks
new file mode 100644
index 0000000..f7fc318
--- /dev/null
+++
b/modules/secret/secrets/certificates/kafka_jumbo-deployment-prep_broker/truststore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/kafka_jumbo-eqiad_broker/README
b/modules/secret/secrets/certificates/kafka_jumbo-eqiad_broker/README
new file mode 100644
index 0000000..7d8fc81
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_jumbo-eqiad_broker/README
@@ -0,0 +1 @@
+These are dummy files to make Puppet Catalog Compiler happy.
diff --git a/modules/secret/secrets/certificates/kafka_test/ca.crt.pem
b/modules/secret/secrets/certificates/kafka_test/ca.crt.pem
new file mode 100644
index 0000000..94fc1e6
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/ca.crt.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTYxMDMxMjA1NzI2WhcNMjExMDMxMjA1NzI2WjBN
+MUswSQYDVQQDDEJQdXBwZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIu
+ZGVwbG95bWVudC1wcmVwLmVxaWFkLndtZmxhYnMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCj7EjIftvCNetx3t8X3sYk7kGOrblN7CmuR3Xd2/TNCIjz
+x5+18qkFInULhHVh0VTf1xq0a/mT5f76EGtXQtIMAeRGb9XpKsRpX0PwPylfRwDe
+y+mKSF+i60VtyEPy05lTmWwfVTruunal/nG1lEIxMJ5EN+M5YqBYq2x5alLN4odO
+pWTDuyQg2XALA//thtgE5Pt+6vA4U3QeHapz74HlDK7Lve46E4RVbAKhLZ7y6j+R
++FffACuQ0oONjjWhUqkIK/xIieFbURxBBdpT33Nk0H7xBCe9b4LgOn6ncnhLdkv3
+rZzjGNSLS9iXqI/tOV/B5aB3uOeHHtv6XvWby7Jqj1mt9LRWp95A/BElgpx0E99I
+aJp6FEqxBRZGTfSI1WV1Jaup7jDP03VB6LNYuITLYMoFTaZpBsR4hWSoxO40zV52
+/MHLOKjlcWTrfRNl8C2+fbudpO5rBJQQnB3GQQYJhpIL9ghGB4SXU/9xQ/pp1XE6
+8y4k7xNEUcJ1c9q46Dy9PNpVLUxvJ2H1bPTvpp1Y2SS8oHR91T27ycatyxOK/LYz
+aKU9CkCPcGjlL0AheLO+wsuCnlAlfJggB4qub15VRaV7AahZuDI/c5aI1t3cpfSq
+GbscItGhUcCnUrGWv8HZWXXbaJcD4K0avB6dlmVYc4kdTKGS9LYz4vo39smqCwID
+AQABo4HbMIHYMDUGCWCGSAGG+EIBDQQoUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRl
+cm5hbCBDZXJ0aWZpY2F0ZTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUwombKeKOHsR4x6TOvuqVVOwmkgYwXwYDVR0jBFgwVqFRpE8w
+TTFLMEkGA1UEAwxCUHVwcGV0IENBOiBkZXBsb3ltZW50LXB1cHBldG1hc3RlcjAy
+LmRlcGxveW1lbnQtcHJlcC5lcWlhZC53bWZsYWJzggEBMA0GCSqGSIb3DQEBCwUA
+A4ICAQADgWeHkAnj9Uw9Bo184ckVQkxJlRxOffjaWMov+fu7DFAtJoeT3Hurd3GZ
+BDgKBnFf8Vy3ilISMj2wwoginJerGY1Befd5jH/gaXjzPNRLCk7zf8uQ9TZphfDV
+PCW1FPCgfrDqpuUN7WuLlbYln36xPsWGg/ctOGszI/Rzg7Jf27+D2pvbyYrWtybL
+g1v3B0zSRAp7atLAVG0LXay76iTk/WxFDreWF9nxDKtem5dSNs5KFCEwGa8m4MQR
+qf28Wsq/bSpXnvjo1nvKPT6sUuo2U1Bomnea/gMyujgu3zcIJDymOhbIiRnOOVdA
+xfROjiHT9BXr8eSWHORxpHa0C8l8+ua5JMY8iGekG5+9UASUsw1PNRDwLrxBH+02
+0UJg+CdUjuDVxijXPTVz1/oT5ZKs8vQNUmvA4HR1qBuRgayMPMiO848dqwJUT96m
+p8XkDYqGXpYpPgKfJTdchtEfEXXakbU+ZLDs0zIVZ9dml8FvG3PB8tQcGBVZI1jG
+0MkI1sOQ2eY+9dj2wYfzZtzAdp6T+V2Q2nRMfA6ifWgEfgfFC+754cJ/IrBjcKpW
+hV0+QqNse8iiVt1494Y+/shvHg7rx4jVjO4AkF9y9BPn6IhvxoNPEEKGaKpGtS8F
+G1BZyQregyCxUwfg/LfR4X6X/anXtq7T5sbpWzolkAGnxxQccA==
+-----END CERTIFICATE-----
diff --git a/modules/secret/secrets/certificates/kafka_test/kafka_test.crt.pem
b/modules/secret/secrets/certificates/kafka_test/kafka_test.crt.pem
new file mode 100644
index 0000000..0644284
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.crt.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAbegAwIBAgIBfzANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTgwMTE2MTYyNDU1WhcNMjMwMTE2MTYyNDU1WjAV
+MRMwEQYDVQQDDAprYWZrYV90ZXN0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+17NkycA/GnrCUkZLJ0KDoYJh1bi2y5HC4r2W8JczGWaqiEN52rFLyrOg5tPsb9qt
+FVeuWSowEdgApuypJV+wW6OBvDCBuTA3BglghkgBhvhCAQ0EKgwoUHVwcGV0IFJ1
+YnkvT3BlblNTTCBJbnRlcm5hbCBDZXJ0aWZpY2F0ZTAMBgNVHRMBAf8EAjAAMB0G
+A1UdDgQWBBTQ5TiSJQG4EpAGyVHkuUZauZreKTAfBgNVHSMEGDAWgBTCiZsp4o4e
+xHjHpM6+6pVU7CaSBjAOBgNVHQ8BAf8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4ICAQBIXUvlyHjoAiOew5Wf
+YUxaA+0QnfvbV1Pgy2U+K3KQEIEfnUbfaj+SJBotsuMkldpBoOSpUjJYsSsiE/kS
+n0UrIKUFjDrVnfO5lqtIAcg4knFjC9T7Kdljbemgy3raYPXKnm2aFBO1Pn/vPmGS
+Dfow+s27VfyXsvH3SlVZ2q6AEwQA8nW8opWJ9J6mbqt5r+VoOuIXdefMuQC8yJVy
+F85BSpxr2UKr8ZYTcBP6s8yJKPfmBppcBB4+cfvJ9ygYQxu/kf8huZfVpc9FaV1G
+HClGnm3NlOAp66alyBcMRLaioXNMaAPUl/bLNK7+MdII9lbrcbzX58nmG3fawizg
+efA1eNL39SLofvmqKcz8kRdeN3uFDw+7xmyhPzm61LbvIIfbZ/TsIKMw949ovHg4
+br9HAC8eZBQxrFMAIaKEkY7AiZjuVleAMmYShVoLvaRO5b2Xs5jCF1b5dvH1h+sZ
+CjCls41ycsXY0Sz/tPXNssFMRTq0vyNXrjeL6LXIOHGIlCiBByixnYAoow+XlakM
+r3NjbAce2ppvJfb7et2D0TKwGf2ZR14n1vow3/Rczxdx8gRPEkHo5pa2NOujsxTl
+4zURxpTFE8do0HqLdrRP0ok4LJcyiSfHHdq4WHEapZ6aHwjUOsSN9+QZkp7mUZ6Z
+EZLZROuCA8PYOqsg/+IXmUrQpA==
+-----END CERTIFICATE-----
diff --git a/modules/secret/secrets/certificates/kafka_test/kafka_test.csr.pem
b/modules/secret/secrets/certificates/kafka_test/kafka_test.csr.pem
new file mode 100644
index 0000000..1a63a19
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBLzCB1gIBADAVMRMwEQYDVQQDDAprYWZrYV90ZXN0MFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAE17NkycA/GnrCUkZLJ0KDoYJh1bi2y5HC4r2W8JczGWaqiEN5
+2rFLyrOg5tPsb9qtFVeuWSowEdgApuypJV+wW6BfMF0GCSqGSIb3DQEJDjFQME4w
+DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU0OU4kiUBuBKQBslR5LlGWrma3ikwHwYD
+VR0jBBgwFoAUwombKeKOHsR4x6TOvuqVVOwmkgYwCgYIKoZIzj0EAwIDSAAwRQIg
+TVQhRCIfB5VF+75SDdMcLWvNbwuf4XDNujlEx0mjzS4CIQD0GvanP6QNqponJiPm
+cW1sNXdd7FCyhdIO+s38ald9FA==
+-----END CERTIFICATE REQUEST-----
diff --git
a/modules/secret/secrets/certificates/kafka_test/kafka_test.key.private.pem
b/modules/secret/secrets/certificates/kafka_test/kafka_test.key.private.pem
new file mode 100644
index 0000000..f257940
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.key.private.pem
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAixwiiAH4I7lwICCAAw
+HQYJYIZIAWUDBAEqBBCnlocAXhJLDU8TCHNge/emBIGQoZeGOpV4u8HWgXsYhebE
+oeNBrdL5bvvlLu7xzanoXBR4lBo0mYaYA0kmZv3LJRlmodMrYUU+XrYaiJs9ZNcn
+Ixl0n/bG+HBZmS9MfDyNvqx2psjCI10ErurSYGGtG9L+VRVFCCrNLAZ3FmrWBs5e
+fQot6MmF94B4G1nydRWa2U3LtGfc/7bDV+RRT+sQv2Jb
+-----END ENCRYPTED PRIVATE KEY-----
diff --git
a/modules/secret/secrets/certificates/kafka_test/kafka_test.key.public.pem
b/modules/secret/secrets/certificates/kafka_test/kafka_test.key.public.pem
new file mode 100644
index 0000000..bd81048
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.key.public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE17NkycA/GnrCUkZLJ0KDoYJh1bi2
+y5HC4r2W8JczGWaqiEN52rFLyrOg5tPsb9qtFVeuWSowEdgApuypJV+wWw==
+-----END PUBLIC KEY-----
diff --git
a/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.jks
b/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.jks
new file mode 100644
index 0000000..8463727
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.p12
b/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.p12
new file mode 100644
index 0000000..d3ab373
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/kafka_test.keystore.p12
Binary files differ
diff --git a/modules/secret/secrets/certificates/kafka_test/truststore.jks
b/modules/secret/secrets/certificates/kafka_test/truststore.jks
new file mode 100644
index 0000000..dc7f650
--- /dev/null
+++ b/modules/secret/secrets/certificates/kafka_test/truststore.jks
Binary files differ
diff --git a/modules/secret/secrets/certificates/local_ca/ca.crt.pem
b/modules/secret/secrets/certificates/local_ca/ca.crt.pem
new file mode 100644
index 0000000..3ffa9d2
--- /dev/null
+++ b/modules/secret/secrets/certificates/local_ca/ca.crt.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIUGS/2AoaId1ZuoKbFG1EmyZcmEtswDQYJKoZIhvcNAQEL
+BQAwZDERMA8GA1UEAwwIbG9jYWxfY2ExCzAJBgNVBAYTAlVTMRYwFAYDVQQHDA1T
+YW4gRnJhbmNpc2NvMR0wGwYDVQQKDBRXaWtpbWVkaWEgRm91bmRhdGlvbjELMAkG
+A1UECAwCQ0EwIBcNMTgwMTE3MTYyNDUxWhgPMjExNzEyMjQxNjI0NDRaMGQxETAP
+BgNVBAMMCGxvY2FsX2NhMQswCQYDVQQGEwJVUzEWMBQGA1UEBwwNU2FuIEZyYW5j
+aXNjbzEdMBsGA1UECgwUV2lraW1lZGlhIEZvdW5kYXRpb24xCzAJBgNVBAgMAkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GIjKzPU5sUb7xZkadpY
+OOakCWGTsER3NucmMnuyhkbZaK+f03/klfhVzgQ9BB+EG3iXpF4HO+M9VXA/rcin
+Da2qAvhLOlDJ4frh1fzAzc2pOtZJZKbEVP6ECJOyh3LdA3V83djzeLfNaZG7OxAC
+xLN0aRx66sOTvaV0k3VFQca12ME76pjKGH4QPmND8Gi2VQfi7rOrciFcYa1JfxZR
+1K/rTcMXFYjhenstrh41eRu4jj1D2flaMSfixW543nyQ1eut7OphPUhcdl4nwgzA
+2petAEUYKsrWvJAh6DDfspYZW+3JFaRhnBS0Q5DWha4r7UoerwkKKglnLZiTLTVd
+2wIDAQABozIwMDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7ZL3EZ4E7m7hj
+WUflM26tJ4fZEzANBgkqhkiG9w0BAQsFAAOCAQEALI1ai1wj5tFYyx7jPdfPJI/X
+ziPKNWNokk1oxQNvhibEn+TPxL65L8R7PLBJrBNgih5LLwVZVYkrXBuKdAL39UUf
+KGOwo+3m1/xdhz6oCBOXMbNBU602/fCnKaHAH7gYdsDnih/YPbP3svf7XQgsMzXj
+uPycbkIxkWZbustKy4J0zRx2zHOrCgpPm0HPWCtfkWtP5mETaPxQJ68bPDNKh5ve
+Qfj7mugHlDjqnqtBKFdKaeJkcaPU7a50Grj3f/Fsv0baibdjN10vLf6Ssy9BVcNK
+3zUTOUuI9aLTNb3Ehi0erUsVaRDUiR0UcGS4tczVCiEXpyMORW9ydGDnGTu0Ug==
+-----END CERTIFICATE-----
diff --git a/modules/secret/secrets/certificates/local_ca/local_ca.crt.pem
b/modules/secret/secrets/certificates/local_ca/local_ca.crt.pem
index 5f6160f..3ffa9d2 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.crt.pem
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.crt.pem
@@ -1,13 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIB/jCCAaSgAwIBAgIUWt71aKMmJiz+pIbAWGiSptsPzu8wCgYIKoZIzj0EAwIw
-ZDERMA8GA1UEAwwIbG9jYWxfY2ExCzAJBgNVBAYTAlVTMRYwFAYDVQQHDA1TYW4g
-RnJhbmNpc2NvMR0wGwYDVQQKDBRXaWtpbWVkaWEgRm91bmRhdGlvbjELMAkGA1UE
-CAwCQ0EwIBcNMTcxMTMwMTczMTE1WhgPMjExNzExMDYxNzMxMTVaMGQxETAPBgNV
-BAMMCGxvY2FsX2NhMQswCQYDVQQGEwJVUzEWMBQGA1UEBwwNU2FuIEZyYW5jaXNj
-bzEdMBsGA1UECgwUV2lraW1lZGlhIEZvdW5kYXRpb24xCzAJBgNVBAgMAkNBMFkw
-EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP691bFbF23csdI9LamMWl8uva2XDGpAg
-4G/tlOZFpFbjsnczgID0q1TuSXS+1efIjM44R8OE/b8xLPj/K0SLe6MyMDAwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8dh5td78aolhFU66+AbSI2X+RrIwCgYI
-KoZIzj0EAwIDSAAwRQIgNbyGel1YP2GbmsR/Erw2Qp61QYa1cQuziy4AeoCgQqEC
-IQDMxm4AOA3eDVJNtULbi9vumZsBoAx+gR5WPVSKBtLmCw==
+MIIDijCCAnKgAwIBAgIUGS/2AoaId1ZuoKbFG1EmyZcmEtswDQYJKoZIhvcNAQEL
+BQAwZDERMA8GA1UEAwwIbG9jYWxfY2ExCzAJBgNVBAYTAlVTMRYwFAYDVQQHDA1T
+YW4gRnJhbmNpc2NvMR0wGwYDVQQKDBRXaWtpbWVkaWEgRm91bmRhdGlvbjELMAkG
+A1UECAwCQ0EwIBcNMTgwMTE3MTYyNDUxWhgPMjExNzEyMjQxNjI0NDRaMGQxETAP
+BgNVBAMMCGxvY2FsX2NhMQswCQYDVQQGEwJVUzEWMBQGA1UEBwwNU2FuIEZyYW5j
+aXNjbzEdMBsGA1UECgwUV2lraW1lZGlhIEZvdW5kYXRpb24xCzAJBgNVBAgMAkNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GIjKzPU5sUb7xZkadpY
+OOakCWGTsER3NucmMnuyhkbZaK+f03/klfhVzgQ9BB+EG3iXpF4HO+M9VXA/rcin
+Da2qAvhLOlDJ4frh1fzAzc2pOtZJZKbEVP6ECJOyh3LdA3V83djzeLfNaZG7OxAC
+xLN0aRx66sOTvaV0k3VFQca12ME76pjKGH4QPmND8Gi2VQfi7rOrciFcYa1JfxZR
+1K/rTcMXFYjhenstrh41eRu4jj1D2flaMSfixW543nyQ1eut7OphPUhcdl4nwgzA
+2petAEUYKsrWvJAh6DDfspYZW+3JFaRhnBS0Q5DWha4r7UoerwkKKglnLZiTLTVd
+2wIDAQABozIwMDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT7ZL3EZ4E7m7hj
+WUflM26tJ4fZEzANBgkqhkiG9w0BAQsFAAOCAQEALI1ai1wj5tFYyx7jPdfPJI/X
+ziPKNWNokk1oxQNvhibEn+TPxL65L8R7PLBJrBNgih5LLwVZVYkrXBuKdAL39UUf
+KGOwo+3m1/xdhz6oCBOXMbNBU602/fCnKaHAH7gYdsDnih/YPbP3svf7XQgsMzXj
+uPycbkIxkWZbustKy4J0zRx2zHOrCgpPm0HPWCtfkWtP5mETaPxQJ68bPDNKh5ve
+Qfj7mugHlDjqnqtBKFdKaeJkcaPU7a50Grj3f/Fsv0baibdjN10vLf6Ssy9BVcNK
+3zUTOUuI9aLTNb3Ehi0erUsVaRDUiR0UcGS4tczVCiEXpyMORW9ydGDnGTu0Ug==
-----END CERTIFICATE-----
diff --git a/modules/secret/secrets/certificates/local_ca/local_ca.csr.pem
b/modules/secret/secrets/certificates/local_ca/local_ca.csr.pem
index 8525825..de2623d 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.csr.pem
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.csr.pem
@@ -1,10 +1,18 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIIBYTCCAQcCAQAwZDERMA8GA1UEAwwIbG9jYWxfY2ExCzAJBgNVBAYTAlVTMRYw
+MIIC6jCCAdICAQAwZDERMA8GA1UEAwwIbG9jYWxfY2ExCzAJBgNVBAYTAlVTMRYw
FAYDVQQHDA1TYW4gRnJhbmNpc2NvMR0wGwYDVQQKDBRXaWtpbWVkaWEgRm91bmRh
-dGlvbjELMAkGA1UECAwCQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ/r3Vs
-VsXbdyx0j0tqYxaXy69rZcMakCDgb+2U5kWkVuOydzOAgPSrVO5JdL7V58iMzjhH
-w4T9vzEs+P8rRIt7oEEwPwYJKoZIhvcNAQkOMTIwMDAPBgNVHRMBAf8EBTADAQH/
-MB0GA1UdDgQWBBTx2Hm13vxqiWEVTrr4BtIjZf5GsjAKBggqhkjOPQQDAgNIADBF
-AiEAk8UXRSoNrLh6/GXd3LZq/qER6G9FQ3l4NEDprt9YfvYCICDPgSYvYghFeY2o
-8Qbukk/GhMdRXeRt8JTeOJBAwkzX
+dGlvbjELMAkGA1UECAwCQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDYYiMrM9TmxRvvFmRp2lg45qQJYZOwRHc25yYye7KGRtlor5/Tf+SV+FXOBD0E
+H4QbeJekXgc74z1VcD+tyKcNraoC+Es6UMnh+uHV/MDNzak61klkpsRU/oQIk7KH
+ct0DdXzd2PN4t81pkbs7EALEs3RpHHrqw5O9pXSTdUVBxrXYwTvqmMoYfhA+Y0Pw
+aLZVB+Lus6tyIVxhrUl/FlHUr+tNwxcViOF6ey2uHjV5G7iOPUPZ+VoxJ+LFbnje
+fJDV663s6mE9SFx2XifCDMDal60ARRgqyta8kCHoMN+ylhlb7ckVpGGcFLRDkNaF
+rivtSh6vCQoqCWctmJMtNV3bAgMBAAGgQTA/BgkqhkiG9w0BCQ4xMjAwMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFPtkvcRngTubuGNZR+Uzbq0nh9kTMA0GCSqG
+SIb3DQEBCwUAA4IBAQBqwnZaJRBBGmnk21s61j1KHVUbUw7LvdEE3xcI8CowJBWO
+azdxjq9SEVbgKAoshMSEjT+A5Orn2k0n2biknPF94Du1phIPtMcInABCBkysBwou
+O36MSDCRH+c6Oj5URQCtGG6cIpvrypKkIrF+x5vL9cy6mqBoZ0ZCiwTTb00EfIHr
+iMYCdov7nEOtcyqlCPsuIk3zZhpBygOq+GFvaVrrffS6m0G0JW0FexiTnLcHFJL/
+er+nFwWCLCkpu3D1ZDL7v4dMahq4LERj+m6UJHSuJqJ3hACBvjolwUWWbFFm7a69
+zh+q0/gQTz+rSOgNgcLiSGSTvYNc7XCt/JLn7V2Y
-----END CERTIFICATE REQUEST-----
diff --git
a/modules/secret/secrets/certificates/local_ca/local_ca.key.private.pem
b/modules/secret/secrets/certificates/local_ca/local_ca.key.private.pem
index 10f65b9..cd00c21 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.key.private.pem
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.key.private.pem
@@ -1,7 +1,30 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAjqiAEYWbKXYAICCAAw
-HQYJYIZIAWUDBAEqBBBMm+Vp0WxmErG1URIYx6eTBIGQpyvdkRptkwtrlRtQNGSA
-hZS4wbFzHR94pKr1smphXooesiwezXFnBjkYPux8XF++yoO0siulqMw9g8R1mNQJ
-hvYkEqBUL+OwBt3EyaZT6w1MiMJKZwHhg+qP+0l8phB0Q1Zc+WWESMtzMk5e/kTz
-Tjl7V8r0pMi9yMo5Z8CT1y+nO/uMmPxsv4aM1tcZiCjV
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI9PKcUDKW3xUCAggA
+MB0GCWCGSAFlAwQBKgQQgPDZe8Cx5oD5hMEhC+TfvgSCBNAUeOUuav7Wm0chRbvN
+fl/7faKuvUtUC00vCULat+5aAgdrPG8jCFutaVACCGdrG8VLeirf1kiJvEUsw79+
+0oMp6sKsFFCUO8yCJu4s+BhZPqiMIZdBlBZBEa6oeYaPdhskzfIltD5A8t8rSepQ
+eENX7v40ZWB3VGrRHx3jV2u3ZDdzNIWgmeGCep1VcNt+r4TPd+pHy4d5IqXXlF6B
+IlIrgHQNdlxpVW5XgawfyE068w1ikTAmoJZ6BbzQRiSH8fsysqEfF2aNwo19YNBK
+4Tv4AXwFSTIe+hoVoJSarto+UvFIwpWR2FHQ24qjvUbap1DltfKEgQpgq/TeddOe
+FCJiNQuiIDqyaDXi2Tk1I0uBgICsCBqT2Z1S1RrcReJpmPv7hmd4+oQ5JOEOn7NW
+VpZAbb/SN0hixG8fBo9vZepFwVaD32sMCZ/YmVHcK7OvkER+6oiUOrthj4Nf6jMo
+jmORGCmA0zSzjltDibvjb+rglX0NIHHIVb1/UWLRD4+NCOlulIZqLwrtoOhTvt3U
+rv7WkMcIZug5pUoHrTHAjcqFbDNqtU0wx8ob4Nv662u2JqesM3SuRUunuC/TkMyY
+UL0pg85esQIeXDnplmiyeA09nA7lGB0s/4SLUtIVQrH23kxfgpN2Q3b70Hi2Cm4K
+1HiXSIN/B470qfIxj09wyJknyoK6oPVeoPB//sDXIu9toLsPgwA7HBiyaoZu2hSB
+JsTMDWga3bmL0s4/RAaAdOJxMePhkxfBIrITG8SEItmU360BpAU0qAU5VULmnKBH
+N6XdZa/1hyVY2fCVDOJZ7xXMKb2NEsUqNAfcdem0YSO1hcAL2UpHGXpPepSYQKIk
+syYlpBC1zNVd0M1dKab/lXBrjXasRRYJGjBhIDgz5euSJzvwXNpgdLLVh0j8r64x
+Zc7IentGQcI0059FqCpfIzG7/Lsnt89fj1OKaZWD9Xhg48d8vQMxGPsfsfIpfXlz
+QItQ8TNXIf6qupAlU/2UZ4OrhUzu7zQIopU1cl5MFJo56aT5wow2rgULVe+nthhr
+EluTsUP0y/as671FeDzfCclEu9uwkgH5lkwymZ25klOjpqouviyX73vIyzO//zCo
+BkqZdBiXwiMXWTBX5npHYpVf5wLJuTeVtNndMb1DboUT7bTgtcyMuH8IXZjnMCoG
+m4XN7De9nBwOjwS6sVhOZTevo9qrxtjurm42BmCgSLomlU094eJpVuZPygCtpLIU
+i8iFH+rWyxmBdl7hb+fAkOrf0zqhrlQUaOJDZ2whHKH1qil8h18RuRh9kItuFwuU
+7+62j0//GgcHqdAqmTsZk+eRX5lRSrBSuoeF0+/h8765BqtlIDEX44dbkuqjlEso
+5dWYKALf5VbaNRF48sr5dD/R1g3cFvtcQi/dtfGiTy0D1XCb+rPJkJymYAy3iK5D
+9JiedbKliRLIXcyvBnTKD7I7q5TzZcL1MoUvFpbAL3e/Vt9EhoV1qB/oEzCqqLSg
+8Km/uFD+VJ8oT43FV+Qh4TWUJ5mRCkz1CcjeVnvUcafZN09glBVFV8QYVihcCgzT
+xFalAImhGeqe+Tfcx4HI7bkMF15mi0AB3fEX2KjtXn4St0eMWSmZfztGTWi2maQr
+ptK1iXbxPrdfZj6gq1F0EMvrlA==
-----END ENCRYPTED PRIVATE KEY-----
diff --git
a/modules/secret/secrets/certificates/local_ca/local_ca.key.public.pem
b/modules/secret/secrets/certificates/local_ca/local_ca.key.public.pem
index 2218bdf..6a8f2c7 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.key.public.pem
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.key.public.pem
@@ -1,4 +1,9 @@
-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP691bFbF23csdI9LamMWl8uva2XD
-GpAg4G/tlOZFpFbjsnczgID0q1TuSXS+1efIjM44R8OE/b8xLPj/K0SLew==
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GIjKzPU5sUb7xZkadpY
+OOakCWGTsER3NucmMnuyhkbZaK+f03/klfhVzgQ9BB+EG3iXpF4HO+M9VXA/rcin
+Da2qAvhLOlDJ4frh1fzAzc2pOtZJZKbEVP6ECJOyh3LdA3V83djzeLfNaZG7OxAC
+xLN0aRx66sOTvaV0k3VFQca12ME76pjKGH4QPmND8Gi2VQfi7rOrciFcYa1JfxZR
+1K/rTcMXFYjhenstrh41eRu4jj1D2flaMSfixW543nyQ1eut7OphPUhcdl4nwgzA
+2petAEUYKsrWvJAh6DDfspYZW+3JFaRhnBS0Q5DWha4r7UoerwkKKglnLZiTLTVd
+2wIDAQAB
-----END PUBLIC KEY-----
diff --git a/modules/secret/secrets/certificates/local_ca/local_ca.keystore.jks
b/modules/secret/secrets/certificates/local_ca/local_ca.keystore.jks
index 374ff9f..d9d5805 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.keystore.jks
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.keystore.jks
Binary files differ
diff --git a/modules/secret/secrets/certificates/local_ca/local_ca.keystore.p12
b/modules/secret/secrets/certificates/local_ca/local_ca.keystore.p12
index f303516..509bea2 100644
--- a/modules/secret/secrets/certificates/local_ca/local_ca.keystore.p12
+++ b/modules/secret/secrets/certificates/local_ca/local_ca.keystore.p12
Binary files differ
diff --git a/modules/secret/secrets/certificates/local_ca/truststore.jks
b/modules/secret/secrets/certificates/local_ca/truststore.jks
index 63c9940..bdcb76b 100644
--- a/modules/secret/secrets/certificates/local_ca/truststore.jks
+++ b/modules/secret/secrets/certificates/local_ca/truststore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/ca.crt.pem
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/ca.crt.pem
new file mode 100644
index 0000000..94fc1e6
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/ca.crt.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIBATANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTYxMDMxMjA1NzI2WhcNMjExMDMxMjA1NzI2WjBN
+MUswSQYDVQQDDEJQdXBwZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIu
+ZGVwbG95bWVudC1wcmVwLmVxaWFkLndtZmxhYnMwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQCj7EjIftvCNetx3t8X3sYk7kGOrblN7CmuR3Xd2/TNCIjz
+x5+18qkFInULhHVh0VTf1xq0a/mT5f76EGtXQtIMAeRGb9XpKsRpX0PwPylfRwDe
+y+mKSF+i60VtyEPy05lTmWwfVTruunal/nG1lEIxMJ5EN+M5YqBYq2x5alLN4odO
+pWTDuyQg2XALA//thtgE5Pt+6vA4U3QeHapz74HlDK7Lve46E4RVbAKhLZ7y6j+R
++FffACuQ0oONjjWhUqkIK/xIieFbURxBBdpT33Nk0H7xBCe9b4LgOn6ncnhLdkv3
+rZzjGNSLS9iXqI/tOV/B5aB3uOeHHtv6XvWby7Jqj1mt9LRWp95A/BElgpx0E99I
+aJp6FEqxBRZGTfSI1WV1Jaup7jDP03VB6LNYuITLYMoFTaZpBsR4hWSoxO40zV52
+/MHLOKjlcWTrfRNl8C2+fbudpO5rBJQQnB3GQQYJhpIL9ghGB4SXU/9xQ/pp1XE6
+8y4k7xNEUcJ1c9q46Dy9PNpVLUxvJ2H1bPTvpp1Y2SS8oHR91T27ycatyxOK/LYz
+aKU9CkCPcGjlL0AheLO+wsuCnlAlfJggB4qub15VRaV7AahZuDI/c5aI1t3cpfSq
+GbscItGhUcCnUrGWv8HZWXXbaJcD4K0avB6dlmVYc4kdTKGS9LYz4vo39smqCwID
+AQABo4HbMIHYMDUGCWCGSAGG+EIBDQQoUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRl
+cm5hbCBDZXJ0aWZpY2F0ZTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUwombKeKOHsR4x6TOvuqVVOwmkgYwXwYDVR0jBFgwVqFRpE8w
+TTFLMEkGA1UEAwxCUHVwcGV0IENBOiBkZXBsb3ltZW50LXB1cHBldG1hc3RlcjAy
+LmRlcGxveW1lbnQtcHJlcC5lcWlhZC53bWZsYWJzggEBMA0GCSqGSIb3DQEBCwUA
+A4ICAQADgWeHkAnj9Uw9Bo184ckVQkxJlRxOffjaWMov+fu7DFAtJoeT3Hurd3GZ
+BDgKBnFf8Vy3ilISMj2wwoginJerGY1Befd5jH/gaXjzPNRLCk7zf8uQ9TZphfDV
+PCW1FPCgfrDqpuUN7WuLlbYln36xPsWGg/ctOGszI/Rzg7Jf27+D2pvbyYrWtybL
+g1v3B0zSRAp7atLAVG0LXay76iTk/WxFDreWF9nxDKtem5dSNs5KFCEwGa8m4MQR
+qf28Wsq/bSpXnvjo1nvKPT6sUuo2U1Bomnea/gMyujgu3zcIJDymOhbIiRnOOVdA
+xfROjiHT9BXr8eSWHORxpHa0C8l8+ua5JMY8iGekG5+9UASUsw1PNRDwLrxBH+02
+0UJg+CdUjuDVxijXPTVz1/oT5ZKs8vQNUmvA4HR1qBuRgayMPMiO848dqwJUT96m
+p8XkDYqGXpYpPgKfJTdchtEfEXXakbU+ZLDs0zIVZ9dml8FvG3PB8tQcGBVZI1jG
+0MkI1sOQ2eY+9dj2wYfzZtzAdp6T+V2Q2nRMfA6ifWgEfgfFC+754cJ/IrBjcKpW
+hV0+QqNse8iiVt1494Y+/shvHg7rx4jVjO4AkF9y9BPn6IhvxoNPEEKGaKpGtS8F
+G1BZyQregyCxUwfg/LfR4X6X/anXtq7T5sbpWzolkAGnxxQccA==
+-----END CERTIFICATE-----
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/truststore.jks
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/truststore.jks
new file mode 100644
index 0000000..4a8f11b
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/truststore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.crt.pem
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.crt.pem
new file mode 100644
index 0000000..cbacd90
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.crt.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4TCCAcmgAwIBAgIBfTANBgkqhkiG9w0BAQsFADBNMUswSQYDVQQDDEJQdXBw
+ZXQgQ0E6IGRlcGxveW1lbnQtcHVwcGV0bWFzdGVyMDIuZGVwbG95bWVudC1wcmVw
+LmVxaWFkLndtZmxhYnMwHhcNMTgwMTE2MTYyNDQ2WhcNMjMwMTE2MTYyNDQ2WjAn
+MSUwIwYDVQQDDBx2YXJuaXNoa2Fma2EtZGVwbG95bWVudC1wcmVwMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEalXfr0JW7gN5S5UmZ6x3Ulz0wRBOhYV/tGsiGgkK
+zSiWLCuWqhlETz39XbJFs75zd72JhfOwj17qDlINEdjsbaOBvDCBuTA3BglghkgB
+hvhCAQ0EKgwoUHVwcGV0IFJ1YnkvT3BlblNTTCBJbnRlcm5hbCBDZXJ0aWZpY2F0
+ZTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQSsDSRReg7mZeZNNoAnDXDaX/ZeTAf
+BgNVHSMEGDAWgBTCiZsp4o4exHjHpM6+6pVU7CaSBjAOBgNVHQ8BAf8EBAMCBaAw
+IAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUA
+A4ICAQBM7VoFeZLM+mSvrZ/JX8FJCpw8u6C6G7O+vZed+Bxm0iV9+CydjcVyREGe
+Guj5tXDkqobMOxnKpw9FKf4QHa6f87qN84rPEtwVX61fFiVYfjlpNPKs0pjp2lNn
+laMM5s+0o0pwSHJ2NBzm1D8xFsAhzTvs2F7FBgOTCWBSMIfuttBuvq6qA95Y+HYi
+3jlJgh1Ma9rTshszUaIpDFvylzyAWLHSUaFrQpHOSDeWoS1pl7uvBluVyMfwpNWy
+US5BNUbCL7AcXgtLCLCckG3HoKccEwFni072ogCXwwbH8oI52S5EzEG8FyLdaZUC
+/J654jsrAwpSroqXk7PiCDEfMw4Jj4cD8CL0GDZYN6KrbRENGfWXTcla0xuyYjA3
++p2eoL1FHeOdhy4oppEPuhhSZdPSHXEaV9FPRaM0S5qfPgPrxkGJCeHVSYNp8xmd
+faMEGbvpuktma9RfvwBXE63dyRgfq1FMo5hm2FDDCsSZYR52ogmQLiALp938OouI
+yyFdonIj7ioE1bmn+cAarPtHdABz8YzmmYR6xLhxo/Q8f7quJhAdeyvgQQvqhQXC
+I1T923hHpTQReADIXCRY+WQdYkCIsSx4/9GCIMfn+WXd639iLRbyBFsnZ464B0cd
+yH9mN8s8xoyRx01KnMQ8vRpd011wzca6adIcw9U35rhzauh5qw==
+-----END CERTIFICATE-----
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.csr.pem
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.csr.pem
new file mode 100644
index 0000000..e307328
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.csr.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBQTCB6AIBADAnMSUwIwYDVQQDDBx2YXJuaXNoa2Fma2EtZGVwbG95bWVudC1w
+cmVwMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEalXfr0JW7gN5S5UmZ6x3Ulz0
+wRBOhYV/tGsiGgkKzSiWLCuWqhlETz39XbJFs75zd72JhfOwj17qDlINEdjsbaBf
+MF0GCSqGSIb3DQEJDjFQME4wDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUErA0kUXo
+O5mXmTTaAJw1w2l/2XkwHwYDVR0jBBgwFoAUwombKeKOHsR4x6TOvuqVVOwmkgYw
+CgYIKoZIzj0EAwIDSAAwRQIgNhJ1AGDnG1r8fc2AbMJxQypjX9bmBTs7lKTqqzxI
+6b0CIQDFQTTjkcz4vb4VNeoj+HRRcDIGnGAlkg28MnSE0JQ+pA==
+-----END CERTIFICATE REQUEST-----
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.private.pem
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.private.pem
new file mode 100644
index 0000000..da032ce
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.private.pem
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAizwXMUk+a4BQICCAAw
+HQYJYIZIAWUDBAEqBBApZd0MevClFIIVPECmT/pvBIGQsTJKanOS12pc0YoeI3zl
+6so32D/seIVNw86SypJAvh1g8CTlsonVEyte1YMd0SyQby0Y5FtuBtreE96zFrQj
+8mnd1CDIxo0O+FD733LQzRgP/RCBC3V10hnLOhfkhoc4ZGiKFcyI//WDXsdtzvqi
+HE7YfOH9HEO3da98MQXvpyMslRMrEp+Do+pzQxAvcpUd
+-----END ENCRYPTED PRIVATE KEY-----
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.public.pem
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.public.pem
new file mode 100644
index 0000000..6979402
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.key.public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEalXfr0JW7gN5S5UmZ6x3Ulz0wRBO
+hYV/tGsiGgkKzSiWLCuWqhlETz39XbJFs75zd72JhfOwj17qDlINEdjsbQ==
+-----END PUBLIC KEY-----
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.jks
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.jks
new file mode 100644
index 0000000..2afaa75
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.jks
Binary files differ
diff --git
a/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.p12
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.p12
new file mode 100644
index 0000000..854f115
--- /dev/null
+++
b/modules/secret/secrets/certificates/varnishkafka-deployment-prep/varnishkafka-deployment-prep.keystore.p12
Binary files differ
diff --git a/modules/secret/secrets/certificates/varnishkafka/README
b/modules/secret/secrets/certificates/varnishkafka/README
new file mode 100644
index 0000000..7d8fc81
--- /dev/null
+++ b/modules/secret/secrets/certificates/varnishkafka/README
@@ -0,0 +1 @@
+These are dummy files to make Puppet Catalog Compiler happy.
diff --git a/modules/secret/secrets/certificates/varnishkafka/ca.crt.pem
b/modules/secret/secrets/certificates/varnishkafka/ca.crt.pem
new file mode 100644
index 0000000..82476f4
--- /dev/null
+++ b/modules/secret/secrets/certificates/varnishkafka/ca.crt.pem
@@ -0,0 +1 @@
+BATMAN
--
To view, visit https://gerrit.wikimedia.org/r/404706
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I93e5325b6a2e78c4a62032a42c4e8f876853708c
Gerrit-PatchSet: 2
Gerrit-Project: labs/private
Gerrit-Branch: master
Gerrit-Owner: Ottomata <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
