deploy certificates directly from pillar

... by providing a pillar string. I developed this for use in
combination with ext_pillar and file_tree to deploy letsencrypt
certificates.

nginx/ng/certificates.sls

@@ -36,17 +36,25 @@ nginx_{{ domain }}_ssl_certificate:
   file.managed:
     - name: {{ certificates_path }}/{{ domain }}.crt
     - makedirs: True
+{% if salt['pillar.get']("nginx:ng:certificates:{}:public_cert_pillar".format(domain)) %}
+    - contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:public_cert_pillar'.format(domain))}}
+{% else %}
     - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
+{% endif %}
     - watch_in:
       - service: nginx_service
 
-{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
+{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain))%}
 nginx_{{ domain }}_ssl_key:
   file.managed:
     - name: {{ certificates_path }}/{{ domain }}.key
     - mode: 600
     - makedirs: True
+{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key_pillar".format(domain)) %}
+    - contents_pillar: {{salt['pillar.get']('nginx:ng:certificates:{}:private_key_pillar'.format(domain))}}
+{% else %}
     - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
+{% endif %}
     - watch_in:
       - service: nginx_service
 {% endif %}

pillar.example

@@ -182,6 +182,11 @@ nginx:
     # control (or use encrypted pillar data).
     certificates:
       'www.example.com':
+
+        # choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree)
+        # public_cert_pillar: certs:example.com:fullchain.pem
+        # private_key_pillar: certs:example.com:privkey.pem
+        # or directly pasting the cert
         public_cert: |
           -----BEGIN CERTIFICATE-----
           (Your Primary SSL certificate: www.example.com.crt)