Allow rotation of TLS server/client certificates without being forced to restart heimdal

Question

Allow rotation of TLS server/client certificates without being forced to restart heimdal

dadrus opened this issue 4 months ago · comments

Preflight checklist

I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines."
I have discussed this feature request with the community.

Describe the background of your feature request

As of today, there is a need to restart heimdall each time new TLS server or client certificates were updated. This approach is secure and convenient in most cases. If however, heimdall is used as a proxy and the communication between the client and the upstream service happen via WebSockets or other long lasting streaming connections, restarting of heimdall can lead to cascading errors.

Describe your idea

To make it more convenient, it would be helpful to let heimdall react on secret rotation and let it use new updated secrets.

Are there any workarounds or alternatives?

Restart heimdall

Version

v0.13.0-alpha

Additional Context

This FR has been discussed in Discord: https://discord.com/channels/1100447190796742698/1131484813258391665/1131484813258391665 and relates to #1036