mirror of
https://github.com/status-im/consul.git
synced 2025-01-19 02:03:00 +00:00
970353419c
* Reference page updates * Inline certificate config entry updates * API Gateway configuration page * K8s page updates * Apply suggestions from code review Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com> * Daniele's suggestions * Encrypt VMs suggestions * Apply suggestions from code review Co-authored-by: Blake Covarrubias <blake@covarrubi.as> --------- Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
167 lines
4.0 KiB
Plaintext
---
layout: docs
page_title: Inline certificate configuration reference
description: Learn how to configure an inline certificate bound to an API Gateway on VMs.
---

# Inline certificate configuration reference

This topic provides reference information for the inline certificate configuration entry. The inline certificate secures TLS for the Consul API gateway on VMs. In production environments, we recommend you use the more secure [file system certificate configuration entry](/consul/docs/connect/config-entries/file-system-certificate) instead.

The inline certificate configuration entry is not used for Consul on Kubernetes deployments. To learn about configuring certificates for Kubernetes environments, refer to [Gateway Resource Configuration](/consul/docs/connect/gateways/api-gateway/configuration/gateway).

## Configuration model

The following list outlines field hierarchy, language-specific data types, and requirements in an `inline-certificate` configuration entry. Click on a property name to view additional details, including default values.

- [`Kind`](#kind): string | must be `"inline-certificate"`
- [`Name`](#name): string | no default
- [`Namespace`](#namespace): string | no default <EnterpriseAlert inline />
- [`Partition`](#partition): string | no default <EnterpriseAlert inline />
- [`Meta`](#meta): map | no default
- [`Certificate`](#certificate): string | no default
- [`PrivateKey`](#privatekey): string | no default

## Complete configuration

When every field is defined, an `inline-certificate` configuration entry has the following form:

<Tabs>

<Tab heading="HCL" group="hcl">

```hcl
Kind = "inline-certificate"
Name = "<name of certificate>"

Meta = {
  "<any key>" = "<any value>"
}

Certificate = "<public certificate>"
PrivateKey = "<private key>"
```

</Tab>

<Tab heading="JSON" group="json">

```json
{
  "Kind": "inline-certificate",
  "Name": "<name of certificate>",
  "Meta": {
    "any key": "any value"
  },
  "Certificate": "<public certificate>",
  "PrivateKey": "<private key>"
}
```

</Tab>
</Tabs>

## Specification

### `Kind`

Specifies the type of configuration entry to implement.

#### Values

- Default: none
- This field is required.
- Data type: string that must equal `"inline-certificate"`

### `Name`

Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.

#### Values

- Default: none
- This field is required.
- Data type: string

### `Namespace` <EnterpriseAlert inline />

Specifies the Enterprise [namespace](/consul/docs/enterprise/namespaces) to apply to the configuration entry.

#### Values

- Default: `"default"` in Enterprise
- Data type: string

### `Partition` <EnterpriseAlert inline />

Specifies the Enterprise [admin partition](/consul/docs/enterprise/admin-partitions) to apply to the configuration entry.

#### Values

- Default: `"default"` in Enterprise
- Data type: string

### `Meta`

Specifies an arbitrary set of key-value pairs to associate with the gateway.

#### Values

- Default: none
- Data type: map containing one or more keys and string values.

### `Certificate`

Specifies the inline public certificate to use for TLS.

#### Values

- Default: none
- This field is required.
- Data type: string value of the public certificate

### `PrivateKey`

Specifies the inline private key to use for TLS.

#### Values

- Default: none
- This field is required.
- Data type: string value of the private key

## Examples

The following example demonstrates an inline certificate configuration.

<Tabs>

<Tab heading="HCL" group="hcl">

```hcl
Kind = "inline-certificate"
Name = "tls-certificate"
Certificate = "<complete-public-certificate>"
PrivateKey = "<complete-private-key>"
```

</Tab>

<Tab heading="JSON" group="json">

```json
{
  "Kind": "inline-certificate",
  "Name": "tls-certificate",
  "Certificate": "<complete-public-certificate>",
  "PrivateKey": "<complete-private-key>"
}
```

</Tab>
</Tabs>
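
Because the entry carries the private key inline, a pre-apply check can catch entries that violate the field requirements above or pair a certificate with the wrong key. The following Go program is an added example, not part of the Consul documentation or code base: `Entry`, `Lint` and `SamplePair` are hypothetical names, the key-match check is an addition beyond what this page specifies, and the certificate pair is generated at run time as constructed sample data.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

type Entry struct { // fields documented on this page; Enterprise-only fields omitted
	Kind, Name, Certificate, PrivateKey string
	Meta                                map[string]string
}

// Lint applies the documented requirements, then checks that PrivateKey matches Certificate.
func Lint(raw []byte) error {
	var e Entry
	if err := json.Unmarshal(raw, &e); err != nil {
		return fmt.Errorf("decode: %w", err) // includes non-string Meta values
	}
	if e.Kind != "inline-certificate" {
		return fmt.Errorf("Kind is %q, must be \"inline-certificate\"", e.Kind)
	}
	if e.Name == "" || e.Certificate == "" || e.PrivateKey == "" {
		return fmt.Errorf("Name, Certificate and PrivateKey are required")
	}
	_, err := tls.X509KeyPair([]byte(e.Certificate), []byte(e.PrivateKey)) // rejects placeholders, bad PEM, mismatched key
	return err
}

// SamplePair generates a throwaway self-signed RSA pair (constructed sample data).
func SamplePair() (certPEM, keyPEM string) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})),
		string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}))
}

func main() {
	c, k := SamplePair()
	raw, _ := json.Marshal(Entry{Kind: "inline-certificate", Name: "tls-certificate", Certificate: c, PrivateKey: k})
	fmt.Println("matching pair, lint error:", Lint(raw))
}
```

Run against the JSON example above with its placeholders left in, `Lint` returns an error from the PEM decoding step rather than letting the entry through.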