As Cloud Foundry achieves its goal to be secure by default, the number of certificates and certificate authorities an operator needs to worry about increases. This introduces a burden for Cloud Foundry operators to manage those certificates and monitor their lifespan. In the past year there have been significant improvements to credential management with tools like CredHub, which make generating and storing deployment credentials very easy. The next step is to address credential rotation.
What to do if your certificates expire in two days? If you have ever rotated Cloud Foundry certificates, you know that it is hard, error-prone and can result in downtime.
This talk will explore how to streamline this process with Concourse, BOSH, and CredHub. We will show a real Concourse pipeline that rotates all certificates with zero application downtime.
Iryna has been an engineer on Cloud Foundry for 2.5 years. Currently Iryna works on the CF Release Integration team, and previously anchored the CredHub team.