Add TLSConfig for the Vault CA Provider #4800
Comments
Hey, yep, you're right, thanks for filing this - we'll need to add a way to specify client certificates. Do you need to use a specific certificate (i.e. different identity/CA from the Consul server's TLS certificate) or would it be enough to just present the server's TLS certificate if one is set?
Thank you for the answer. As for me, I think the easiest way is to add three fields like ca_file, key_file, cert_file or so. It will allow using third-party certificates for communication with Vault. It will also allow setting the same certificate files on which Consul communication is built (if used), and I would prefer this way to inform the provider about my needs.
The Consul Connect docs currently use `http://localhost:8200` as an example when talking about Vault as a Connect CA. This isn't a proper example since it is highly discouraged to run Vault without TLS. So in order to use Vault realistically as a CA with Connect you'll really need - as already discussed - the following options (from https://www.nomadproject.io/docs/configuration/vault.html):
Thanks @rkettelerij! You are quite right and it makes perfect sense to use the same config options Nomad does. @kyhavlov FYI seems like an important one to get in this cycle.
Hello!
There is only an Address option in the Vault CA provider configuration endpoint. As far as I can see, when an https:// Vault URI is used, vaultAPI tries to establish the connection using the default http.Client structure. Since our Vault cluster checks client certificates, I wish to specify certificates for Consul to connect to Vault.
Do you plan to add this feature in the next releases?
Thanks in advance.