We might have the use case that secrets of specific types are only allowed to be stored within systems with an appropriate “protection class”, and thus not inside the Kubernetes cluster. An example of such a secret would be the issuer cert’s private key.
- If we use Vault as a CA, can it issue certificates for the services directly / independently, or does it require copying issuer credentials into a Kubernetes Secret?
- If we use ACM Private CA as a CA, can it issue certificates for the services directly / independently, or does it require copying issuer credentials into a Kubernetes Secret?