consul/website/content/docs/connect/config-entries/inline-certificate.mdx

---
layout: docs
page_title: Inline Certificate Configuration Reference
description: Learn how to configure an inline certificate bound to an API Gateway on VMs.
---

# Inline certificate configuration reference

This topic provides reference information for the gateway inline certificate
configuration entry. For information about certificate configuration for Kubernetes environments, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).

## Configuration model

The following list outlines field hierarchy, language-specific data types, and
requirements in an `inline-certificate` configuration entry. Click on a property name
to view additional details, including default values.

- [`Kind`](#kind): string | must be `"inline-certificate"`
- [`Name`](#name): string | no default
- [`Namespace`](#namespace): string | no default <EnterpriseAlert inline />
- [`Partition`](#partition): string | no default <EnterpriseAlert inline />
- [`Meta`](#meta): map | no default
- [`Certificate`](#certificate): string | no default
- [`PrivateKey`](#privatekey): string | no default

## Complete configuration

When every field is defined, an `inline-certificate` configuration entry has the following form:

<CodeTabs>

```HCL
Kind = "inline-certificate"
Name = "<name of certificate>"

Meta = {
	"<any key>" = "<any value>"
}

Certificate = "<public certificate>"
PrivateKey = "<private key>"
```

```JSON
{
	"Kind": "inline-certificate",
	"Name": "<name of certificate>",
	"Meta": {
		"any key": "any value"
	}
	"Certificate": "<public certificate>",
	"PrivateKey": "<private key>"
}
```

</CodeTabs>

## Specification

### `Kind`

Specifies the type of configuration entry to implement.

#### Values

- Default: none
- This field is required.
- Data type: string that must equal `"inline-certificate"`

### `Name`

Specifies a name for the configuration entry. The name is metadata that you can
use to reference the configuration entry when performing Consul operations, such
as applying a configuration entry to a specific cluster.

#### Values

- Default: none
- This field is required.
- Data type: string

### `Namespace` <EnterpriseAlert inline />

Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.

#### Values

- Default: `"default"` in Enterprise
- Data type: string

### `Partition` <EnterpriseAlert inline />

Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.

#### Values

- Default: `"default"` in Enterprise
- Data type: string

### `Meta`

Specifies an arbitrary set of key-value pairs to associate with the gateway.

#### Values

- Default: none
- Data type: map containing one or more keys and string values.

### `Certificate`

Specifies the inline public certificate to use for TLS.

#### Values

- Default: none
- This field is required.
- Data type: string value of the public certificate

### `PrivateKey`

Specifies the inline private key to use for TLS.

#### Values

- Default: none
- This field is required.
- Data type: string value of the private key
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2023-02-23 21:01:47 +00:00			`---`
			`layout: docs`
			`page_title: Inline Certificate Configuration Reference`
			`description: Learn how to configure an inline certificate bound to an API Gateway on VMs.`
			`---`

			`# Inline certificate configuration reference`

			`This topic provides reference information for the gateway inline certificate`
Docs/api-gw-jwts-openshift-1-17-x (#19035) * update main apigw overview * moved the tech specs to main gw folder * merged tech specs into single topic * restructure nav part 1 * fix typo in nav json file * moved k8s install up one level * restructure nav part 2 * moved and created all listeners and routes content * moved errors ref and upgrades * fix error in upgrade-k8s link * moved conf refs to appropriate spots * updated conf overview * fixed some links and bad formatting * fixed link * added JWT on VMs usage page * added JWT conf to APIGW conf entry * added JWTs to HTTP route conf entry * added new gatwaypolicy k8s conf reference * added metadesc for gatewaypolicy conf ref * added http route auth filter k8s conf ref * added http route auth filter k8s conf ref to nav * updates to k8s route conf ref to include extensionRef * added JWTs usage page for k8s * fixed link in gwpolicy conf ref * added openshift installation info to installation pages * fixed bad link on tech specs * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * fixed VerityClaims param * best guess at verifyclaims params * tweaks to gateway policy dconf ref * Docs/ce 475 retries timeouts for apigw (#19086) * added timeout and retry conf ref for k8s * added retry and TO filters to HTTP routes conf ref for VMs * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * fix copy/paste error in http route conf entry --------- Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> * update links across site and add redirects * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> * Applied feedback from review * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> * Update CRD configuration for responseHeaderModifiers * Update Config Entry for http-route * Add ResponseFilter example to service * Update website/redirects.js errant curly brace breaking the preview * fix links and bad MD * fixed md formatting issues * fix formatting errors * fix formatting errors * Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx * Apply suggestions from code review * fixed typo * Fix headers in http-route * Apply suggestions from code review Co-authored-by: John Maguire <john.maguire@hashicorp.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> --------- Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com> Co-authored-by: Thomas Eckert <teckert@hashicorp.com> Co-authored-by: John Maguire <john.maguire@hashicorp.com> 2023-10-10 20:29:55 +00:00			`configuration entry. For information about certificate configuration for Kubernetes environments, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).`
Native API Gateway Docs (#16365) * Create empty files * Copy over content for overview * Copy over content for usage * Copy over content for api-gateway config * Copy over content for http-route config * Copy over content for tcp-route config * Copy over content for inline-certificate config * Add docs to the sidebar * Clean up overview. Start cleaning up usage * Add BETA badge to API Gateways portion of nav * Fix header * Fix up usage * Fix up API Gateway config * Update paths to be consistent w/ other gateway docs * Fix up http-route * Fix up inline-certificate * rename path * Fix up tcp-route * Add CodeTabs * Add headers to config pages * Fix configuration model for http route and inline certificate * Add version callout to API gateway overview page * Fix values for inline certificate * Fix values for api gateway configuration * Fix values for TCP Route config * Fix values for HTTP Route config * Adds link from k8s gateway to vm gateway page * Remove versioning warning * Serve overview page at ../api-gateway, consistent w/ mesh-gateway * Remove weight field from tcp-route docs * Linking to usage instead of overview from k8s api-gateway to vm api-gateway * Fix issues in usage page * Fix links in usage * Capitalize Kubernetes * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * remove optional callout * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Update website/content/docs/connect/gateways/api-gateway/configuration/api-gateway.mdx * Fix formatting of Hostnames * Update website/content/docs/api-gateway/index.mdx * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> * Add cross-linking of config entries * Fix rendering error on new operator usage docs * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Apply suggestions from code review * Apply suggestions from code review * Add BETA badges to config entry links * http route updates * Add Enterprise keys * Use map instead of list for meta field, use consistent formatting * Convert spaces to tabs * Add all Enterprise info to TCP Route * Use pascal case for JSON api-gateway example * Add enterprise to HCL api-gw cfg * Use pascal case for missed JSON config fields * Add enterprise to JSON api-gw cfg * Add enterprise to api-gw values * adds enterprise to http route * Update website/content/docs/connect/gateways/api-gateway/index.mdx Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Add enterprise to api-gw spec * Add missing namespace, partition + meta to specification * fixes for http route * Fix ordering of API Gatetway cfg spec items * whitespace * Add linking of values to tcp * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Fix comma in wrong place * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Move Certificates down * Apply suggestions from code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * Tabs to spaces in httproute * Use configuration entry instead of config entry * Fix indentations on api-gateway and tcp-route * Add whitespace between code block and prose * Apply suggestions from code review Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * adds <> to http route --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com> Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Tu Nguyen <im2nguyen@gmail.com> Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com> Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2023-02-23 21:01:47 +00:00
			`## Configuration model`

			`The following list outlines field hierarchy, language-specific data types, and`
			requirements in an `inline-certificate` configuration entry. Click on a property name
			`to view additional details, including default values.`

			- [`Kind`](#kind): string \| must be `"inline-certificate"`
			- [`Name`](#name): string \| no default
			- [`Namespace`](#namespace): string \| no default <EnterpriseAlert inline />
			- [`Partition`](#partition): string \| no default <EnterpriseAlert inline />
			- [`Meta`](#meta): map \| no default
			- [`Certificate`](#certificate): string \| no default
			- [`PrivateKey`](#privatekey): string \| no default

			`## Complete configuration`

			When every field is defined, an `inline-certificate` configuration entry has the following form:

			`<CodeTabs>`

			```HCL
			`Kind = "inline-certificate"`
			`Name = "<name of certificate>"`

			`Meta = {`
			`"<any key>" = "<any value>"`
			`}`

			`Certificate = "<public certificate>"`
			`PrivateKey = "<private key>"`
			```

			```JSON
			`{`
			`"Kind": "inline-certificate",`
			`"Name": "<name of certificate>",`
			`"Meta": {`
			`"any key": "any value"`
			`}`
			`"Certificate": "<public certificate>",`
			`"PrivateKey": "<private key>"`
			`}`
			```

			`</CodeTabs>`

			`## Specification`

			### `Kind`

			`Specifies the type of configuration entry to implement.`

			`#### Values`

			`- Default: none`
			`- This field is required.`
			- Data type: string that must equal `"inline-certificate"`

			### `Name`

			`Specifies a name for the configuration entry. The name is metadata that you can`
			`use to reference the configuration entry when performing Consul operations, such`
			`as applying a configuration entry to a specific cluster.`

			`#### Values`

			`- Default: none`
			`- This field is required.`
			`- Data type: string`

			### `Namespace` <EnterpriseAlert inline />

			`Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.`

			`#### Values`

			- Default: `"default"` in Enterprise
			`- Data type: string`

			### `Partition` <EnterpriseAlert inline />

			`Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.`

			`#### Values`

			- Default: `"default"` in Enterprise
			`- Data type: string`

			### `Meta`

			`Specifies an arbitrary set of key-value pairs to associate with the gateway.`

			`#### Values`

			`- Default: none`
			`- Data type: map containing one or more keys and string values.`

			### `Certificate`

			`Specifies the inline public certificate to use for TLS.`

			`#### Values`

			`- Default: none`
			`- This field is required.`
			`- Data type: string value of the public certificate`

			### `PrivateKey`

			`Specifies the inline private key to use for TLS.`

			`#### Values`

			`- Default: none`
			`- This field is required.`
			`- Data type: string value of the private key`