mirror of https://github.com/status-im/consul.git
128 lines
3.4 KiB
Plaintext
128 lines
3.4 KiB
Plaintext
|
---
|
||
|
layout: docs
|
||
|
page_title: File System Certificate Configuration Reference
|
||
|
description: Learn how to configure a file system certificate bound to an API Gateway on VMs.
|
||
|
---
|
||
|
|
||
|
# File system certificate configuration reference
|
||
|
|
||
|
This topic provides reference information for the gateway file system certificate
|
||
|
configuration entry. For information about certificate configuration for Kubernetes environments, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).
|
||
|
|
||
|
## Configuration model
|
||
|
|
||
|
The following list outlines field hierarchy, language-specific data types, and
|
||
|
requirements in a `file-system-certificate` configuration entry. Click on a property name
|
||
|
to view additional details, including default values.
|
||
|
|
||
|
- [`Kind`](#kind): string | must be `"file-system-certificate"`
|
||
|
- [`Name`](#name): string | no default
|
||
|
- [`Namespace`](#namespace): string | no default <EnterpriseAlert inline />
|
||
|
- [`Partition`](#partition): string | no default <EnterpriseAlert inline />
|
||
|
- [`Meta`](#meta): map | no default
|
||
|
- [`Certificate`](#certificate): string | no default
|
||
|
- [`PrivateKey`](#privatekey): string | no default
|
||
|
|
||
|
## Complete configuration
|
||
|
|
||
|
When every field is defined, a `file-system-certificate` configuration entry has the following form:
|
||
|
|
||
|
<CodeTabs>
|
||
|
|
||
|
```HCL
|
||
|
Kind = "file-system-certificate"
|
||
|
Name = "<name of certificate>"
|
||
|
|
||
|
Meta = {
|
||
|
"<any key>" = "<any value>"
|
||
|
}
|
||
|
|
||
|
Certificate = "<filepath to public certificate>"
|
||
|
PrivateKey = "<filepath to private key>"
|
||
|
```
|
||
|
|
||
|
```JSON
|
||
|
{
|
||
|
"Kind": "file-system-certificate",
|
||
|
"Name": "<name of certificate>",
|
||
|
"Meta": {
|
||
|
"any key": "any value"
|
||
|
}
|
||
|
"Certificate": "<filepath to public certificate>",
|
||
|
"PrivateKey": "<filepath to private key>"
|
||
|
}
|
||
|
```
|
||
|
|
||
|
</CodeTabs>
|
||
|
|
||
|
## Specification
|
||
|
|
||
|
### `Kind`
|
||
|
|
||
|
Specifies the type of configuration entry to implement.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: none
|
||
|
- This field is required.
|
||
|
- Data type: string that must equal `"file-system-certificate"`
|
||
|
|
||
|
### `Name`
|
||
|
|
||
|
Specifies a name for the configuration entry. The name is metadata that you can
|
||
|
use to reference the configuration entry when performing Consul operations, such
|
||
|
as applying a configuration entry to a specific cluster.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: none
|
||
|
- This field is required.
|
||
|
- Data type: string
|
||
|
|
||
|
### `Namespace` <EnterpriseAlert inline />
|
||
|
|
||
|
Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: `"default"` in Enterprise
|
||
|
- Data type: string
|
||
|
|
||
|
### `Partition` <EnterpriseAlert inline />
|
||
|
|
||
|
Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: `"default"` in Enterprise
|
||
|
- Data type: string
|
||
|
|
||
|
### `Meta`
|
||
|
|
||
|
Specifies an arbitrary set of key-value pairs to associate with the gateway.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: none
|
||
|
- Data type: map containing one or more keys and string values.
|
||
|
|
||
|
### `Certificate`
|
||
|
|
||
|
Specifies the filepath to a public certificate to use for TLS. This filepath must be accessible to the API gateway proxy at runtime.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: none
|
||
|
- This field is required.
|
||
|
- Data type: string value of the filepath to a public certificate
|
||
|
|
||
|
### `PrivateKey`
|
||
|
|
||
|
Specifies the filepath to a private key to use for TLS. This filepath must be accessible to the API gateway proxy at runtime.
|
||
|
|
||
|
#### Values
|
||
|
|
||
|
- Default: none
|
||
|
- This field is required.
|
||
|
- Data type: string value of the filepath to a private key
|