Support for importing certificates from AWS Certificate Manager to kubernetes.io/tls Secrets

[hardillb]

I have a need to terminate TLS connections in a pod rather than in the NLB (I need the SNI information to identify up stream resources and the app doesn't support Proxy Protocol).

I was hoping to use this with the CSI Secrets Store to mount AWS Certificate Manager issued certificates/keys into the container. Unless I've missed something in the docs, this is not currently possible.

This would be very useful as it would remove the need to mark the certificate/key as exportable and then re-importing them into AWS Secret Manager and it would handle renewal of certificates automatically.

Would this be possible (even if it requires marking the certs as exportable in AWS Certificate Manager)?

[simonmarty]

I'll forward your feature request to AWS Certificate Manager to see if this is something that can be built either into secrets-store-csi-driver or cert-manager.