Context

I'm looking for good ways to inject the SAML encryption keys into the configuration and ideally without decrypting the key file on disk.

I previously raised this with Spring Security and @jzheaux asked me to open an issue here instead.

Requested enhancement

When acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificates in configuration. For example, by setting spring.security.saml2.relyingparty.registration.<reg-id>.signing.credentials.bundle.

Current Behavior

The private-key-location and certificate-key-location must be set separately and don't seem to have useful functionality offered by the SSL bundles, such as loading from a keystore and decrypting the private key.