EXT-1270 Add --mon-key option with the same meaning as the --ic-key/--grpc-key options

[UgnineSirdis]

Changelog entry

...

Changelog category

• Not for changelog (changelog entry is not required)

Description for reviewers

For all other TLS connections we have several options: --xx-key and --xx-cert: separate options for certificate and key. The aim of this PR is to do the same for monitoring options.

[github-actions]

⚪ 2025-12-08 11:17:14 UTC Pre-commit check linux-x86_64-relwithdebinfo for 436bfac has started.
⚪ 2025-12-08 11:17:31 UTC Artifacts will be uploaded here
⚪ 2025-12-08 11:19:41 UTC ya make is running...
⚫ 2025-12-08 11:27:03 UTC Check cancelled

[github-actions]

⚪ 2025-12-08 11:17:15 UTC Pre-commit check linux-x86_64-release-asan for 436bfac has started.
⚪ 2025-12-08 11:17:33 UTC Artifacts will be uploaded here
⚪ 2025-12-08 11:19:42 UTC ya make is running...
⚫ 2025-12-08 11:27:05 UTC Check cancelled

[ydbot]

Run Extra Tests

Run additional tests for this PR. You can customize:

• Test Size: small, medium, large (default: all)
• Test Targets: any directory path (default: ydb/)
• Sanitizers: ASAN, MSAN, TSAN
• Coredumps: enable for debugging (default: off)
• Additional args: custom ya make arguments

[github-actions]

🟢 2025-12-08 11:23:18 UTC The validation of the Pull Request description is successful.

[Copilot]

Pull request overview

This PR adds the --mon-key command-line option to specify a separate private key file for monitoring HTTPS configuration, aligning with existing --ic-key and --grpc-key options. This change allows users to maintain separate certificate and private key files for monitoring SSL/TLS configuration, rather than requiring both to be in the same file.

• Added MonitoringPrivateKeyFile field to configuration protobuf and related structures
• Updated SSL context creation logic to support optional separate key file parameter
• Refactored certificate loading from inline file reading to path-based configuration

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
ydb/library/actors/http/http_proxy_ssl.h	Modified CreateServerContext to support optional separate key file, falling back to certificate file when key is empty
ydb/core/protos/config.proto	Added MonitoringPrivateKeyFile field to TMonitoringConfig message
ydb/core/mon/mon.h	Added PrivateKeyFile field to config struct with documentation comments
ydb/core/mon/mon.cpp	Updated to pass certificate and private key file paths to HTTP proxy; modified Secure flag logic
ydb/core/driver_lib/run/run.cpp	Changed from reading certificate file inline to passing file path to monitoring config
ydb/core/driver_lib/run/config_parser.h	Added MonitoringPrivateKeyFile field to config parser options
ydb/core/driver_lib/run/config_parser.cpp	Added --mon-key command-line option and updated certificate handling to use file paths
ydb/core/config/init/init_impl.h	Added MonitoringPrivateKeyFile field and --mon-key option, removed inline file reading validation

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

⚪ 2025-12-08 11:28:43 UTC Pre-commit check linux-x86_64-release-asan for 29c28fb has started.
⚪ 2025-12-08 11:29:00 UTC Artifacts will be uploaded here
⚪ 2025-12-08 11:31:07 UTC ya make is running...
🟡 2025-12-08 13:13:04 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
13461	13384	0	55	13	9

🟢 2025-12-08 13:13:14 UTC Build successful.
🟢 2025-12-08 13:13:43 UTC ydbd size 3.8 GiB changed* by +33.0 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: 804872d	merge: 29c28fb	diff	diff %
ydbd size	4 130 914 848 Bytes	4 130 948 608 Bytes	+33.0 KiB	+0.001%
ydbd stripped size	1 533 393 624 Bytes	1 533 405 752 Bytes	+11.8 KiB	+0.001%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2025-12-08 11:31:27 UTC Pre-commit check linux-x86_64-relwithdebinfo for 29c28fb has started.
⚪ 2025-12-08 11:31:44 UTC Artifacts will be uploaded here
⚪ 2025-12-08 11:33:52 UTC ya make is running...
🟡 2025-12-08 13:44:14 UTC Some tests failed, follow the links below. Going to retry failed tests...

Ya make output | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
41431	38504	0	2	2902	23

⚪ 2025-12-08 13:44:28 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-12-08 14:03:35 UTC Tests successful.

Ya make output | Test bloat | Test bloat

TESTS	PASSED	ERRORS	FAILED	SKIPPED	MUTED?
42 (only retried tests)	28	0	0	0	14

🟢 2025-12-08 14:03:42 UTC Build successful.
🟢 2025-12-08 14:04:05 UTC ydbd size 2.3 GiB changed* by +17.2 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash	main: a30e5b9	merge: 29c28fb	diff	diff %
ydbd size	2 467 565 392 Bytes	2 467 582 992 Bytes	+17.2 KiB	+0.001%
ydbd stripped size	525 065 504 Bytes	525 067 776 Bytes	+2.2 KiB	+0.000%

^{*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation}

[github-actions]

⚪ 2025-12-08 15:17:42 UTC Pre-commit check linux-x86_64-relwithdebinfo for ad30dc3 has started.
⚪ 2025-12-08 15:18:00 UTC Artifacts will be uploaded here
⚪ 2025-12-08 15:20:13 UTC ya make is running...

[github-actions]

⚪ 2025-12-08 15:17:48 UTC Pre-commit check linux-x86_64-release-asan for ad30dc3 has started.
⚪ 2025-12-08 15:18:05 UTC Artifacts will be uploaded here
⚪ 2025-12-08 15:20:14 UTC ya make is running...