From c1642c5b5018378b647c0ef43f39daed408a909d Mon Sep 17 00:00:00 2001
From: jeanluc <lkubb@protonmail.com>
Date: Mon, 22 Apr 2024 17:27:07 +0200
Subject: [PATCH] Make local signing with policy containing signing key work

---
 changelog/66414.fixed.md | 1 +
 salt/states/x509_v2.py   | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 changelog/66414.fixed.md

diff --git a/changelog/66414.fixed.md b/changelog/66414.fixed.md
new file mode 100644
index 00000000000..e777d18226d
--- /dev/null
+++ b/changelog/66414.fixed.md
@@ -0,0 +1 @@
+Fixed x509_v2 certificate.managed crash for locally signed certificates if the signing policy defines signing_private_key
diff --git a/salt/states/x509_v2.py b/salt/states/x509_v2.py
index af1cb05e75b..93c80003e22 100644
--- a/salt/states/x509_v2.py
+++ b/salt/states/x509_v2.py
@@ -1606,10 +1606,12 @@ def _build_cert(
     ca_server=None, signing_policy=None, signing_private_key=None, **kwargs
 ):
     final_kwargs = copy.deepcopy(kwargs)
+    final_kwargs["signing_private_key"] = signing_private_key
     x509util.merge_signing_policy(
         __salt__["x509.get_signing_policy"](signing_policy, ca_server=ca_server),
         final_kwargs,
     )
+    signing_private_key = final_kwargs.pop("signing_private_key")
 
     builder, _, private_key_loaded, signing_cert = x509util.build_crt(
         signing_private_key,