Save private key and ocsp in database

[mymy47]

Is there a way to store private key and ocsp files in the database instead of in file?

I have some limits in my servers and using files exclusively for these, which has resulted in a slowdown

[antt1995]

Would love this,
Great for using in Kubernetes

[mathiasertl]

Hi,

This is currently not possible, as storing them in the database is a security risk. The frontend webserver should not have access to the private keys... but needs access to the database.

I have some limits in my servers and using files exclusively for these, which has resulted in a slowdown

Can you details those limits and where the slowdown occurs? OCSP keys should usually be in the cache, making them very fast, and signing private keys can hardly be the limiting factor (and occurs in the Celery worker anyway).

Great for using in Kubernetes

Do you really have no way of storing files there?

kr, Mat

[mymy47]

@mathiasertl

I want to run it in Kubernetes, but there are significant file limitations.
In Kubernetes, Using a database is more secure and reliable than relying on files.

[mymy47]

So,
I believe the only solution for me is to use django-db-file-storage.

[mathiasertl]

At present, that would be a solution, yes.

However dynamic backend support could be used to implement storage in the database. If you're willing to try a PR, I'm happy to assist, otherwise I can't commit to implementing this before 2.1.