consul/website/content/docs/connect/config-entries/inline-certificate.mdx
Jeff Boruszak 970353419c
docs: File System Certificates (#21259)
* Reference page updates

* Inline certificate config entry updates

* API Gateway configuration page

* K8s page updates

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>

* Daniele's suggestions

* Encrypt VMs suggestions

* Apply suggestions from code review

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

---------

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
2024-06-11 12:58:01 -07:00

---
layout: docs
page_title: Inline certificate configuration reference
description: Learn how to configure an inline certificate bound to an API Gateway on VMs.
---
# Inline certificate configuration reference
This topic provides reference information for the inline certificate
configuration entry. The inline certificate secures TLS for the Consul API gateway on VMs. In production environments, we recommend you use the more secure [file system certificate configuration entry](/consul/docs/connect/config-entries/file-system-certificate) instead.

The inline certificate configuration entry is not used for Consul on Kubernetes deployments. To learn about configuring certificates for Kubernetes environments, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).
## Configuration model
The following list outlines field hierarchy, language-specific data types, and
requirements in an `inline-certificate` configuration entry. Click on a property name
to view additional details, including default values.
- [`Kind`](#kind): string | must be `"inline-certificate"`
- [`Name`](#name): string | no default
- [`Namespace`](#namespace): string | no default <EnterpriseAlert inline />
- [`Partition`](#partition): string | no default <EnterpriseAlert inline />
- [`Meta`](#meta): map | no default
- [`Certificate`](#certificate): string | no default
- [`PrivateKey`](#privatekey): string | no default
## Complete configuration
When every field is defined, an `inline-certificate` configuration entry has the following form:
<Tabs>
<Tab heading="HCL" group="hcl">

```hcl
Kind = "inline-certificate"
Name = "<name of certificate>"
Meta = {
  "<any key>" = "<any value>"
}
Certificate = "<public certificate>"
PrivateKey = "<private key>"
```

</Tab>
<Tab heading="JSON" group="json">

```json
{
  "Kind": "inline-certificate",
  "Name": "<name of certificate>",
  "Meta": {
    "any key": "any value"
  },
  "Certificate": "<public certificate>",
  "PrivateKey": "<private key>"
}
```

</Tab>
</Tabs>
## Specification
### `Kind`
Specifies the type of configuration entry to implement.
#### Values
- Default: none
- This field is required.
- Data type: string that must equal `"inline-certificate"`
### `Name`
Specifies a name for the configuration entry. The name is metadata that you can
use to reference the configuration entry when performing Consul operations, such
as applying a configuration entry to a specific cluster.
#### Values
- Default: none
- This field is required.
- Data type: string
### `Namespace` <EnterpriseAlert inline />
Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
### `Partition` <EnterpriseAlert inline />
Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.
#### Values
- Default: `"default"` in Enterprise
- Data type: string
### `Meta`
Specifies an arbitrary set of key-value pairs to associate with the gateway.
#### Values
- Default: none
- Data type: map containing one or more keys and string values.
### `Certificate`
Specifies the inline public certificate to use for TLS.
#### Values
- Default: none
- This field is required.
- Data type: string value of the public certificate
### `PrivateKey`
Specifies the inline private key to use for TLS.
#### Values
- Default: none
- This field is required.
- Data type: string value of the private key
## Examples
The following example demonstrates an inline certificate configuration.
<Tabs>
<Tab heading="HCL" group="hcl">

```hcl
Kind = "inline-certificate"
Name = "tls-certificate"
Certificate = "<complete-public-certificate>"
PrivateKey = "<complete-private-key>"
```

</Tab>
<Tab heading="JSON" group="json">

```json
{
  "Kind": "inline-certificate",
  "Name": "tls-certificate",
  "Certificate": "<complete-public-certificate>",
  "PrivateKey": "<complete-private-key>"
}
```

</Tab>
</Tabs>
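
The following pre-apply check is an added example, not part of the Consul documentation or code base. It validates a JSON `inline-certificate` entry against the required fields and types listed in the specification above, and catches placeholders left in place or a key pasted into the `Certificate` field. The function names are hypothetical, and the check assumes both values are PEM-encoded, which this page does not state.

```python
import base64
import json
import re

# PEM framing: matching BEGIN/END labels around a base64 body (assumed encoding).
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")
REQUIRED = ("Kind", "Name", "Certificate", "PrivateKey")  # required per the specification


def sample_pem(label):
    """Build a constructed PEM block for demos and tests; the body is not real material."""
    body = base64.b64encode(b"constructed sample, not real material").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_labels(text):
    """Return the labels of well-formed PEM blocks in text (the body must be valid base64)."""
    labels = []
    for label, body in PEM_RE.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
            labels.append(label)
        except ValueError:  # binascii.Error is a ValueError subclass
            pass
    return labels


def check_entry(raw_json):
    """Validate one inline-certificate entry; return a list of finding strings."""
    entry = json.loads(raw_json)
    findings = []
    for field in REQUIRED:
        if not isinstance(entry.get(field), str) or not entry[field]:
            findings.append(f"{field}: required string is missing or empty")
    if entry.get("Kind") != "inline-certificate":
        findings.append('Kind: must equal "inline-certificate"')
    meta = entry.get("Meta", {})
    if not isinstance(meta, dict) or not all(isinstance(v, str) for v in meta.values()):
        findings.append("Meta: must be a map with string values")
    if findings:
        return findings  # structural problems first; PEM checks need valid strings
    cert_labels, key_labels = pem_labels(entry["Certificate"]), pem_labels(entry["PrivateKey"])
    if "CERTIFICATE" not in cert_labels:
        findings.append("Certificate: no PEM CERTIFICATE block found")
    if any(label.endswith("PRIVATE KEY") for label in cert_labels):
        findings.append("Certificate: contains private key material")
    if not any(label.endswith("PRIVATE KEY") for label in key_labels):
        findings.append("PrivateKey: no PEM private key block found")
    return findings
```

An empty list means the entry is structurally valid; the check does not verify that the certificate and key belong together or that the certificate is unexpired.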