doc/radosgw/vault: add documentation for ssl authentication

Now RGW server can use custom ssl certs to authenticate with vault server, adding steps for the same Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
2024-12-30 07:23:11 +00:00 · 2020-12-04 16:24:07 +05:30 · 2020-12-04 16:24:07 +05:30 · c2af1cdc13
commit c2af1cdc13
parent 5b9139bd36
1 changed files with 13 additions and 0 deletions
--- a/doc/radosgw/vault.rst
+++ b/doc/radosgw/vault.rst
@ -400,6 +400,19 @@ Or, when using the transit secret engine::
 In the example above, the Gateway would only fetch transit encryption keys under
 ``https://vault-server:8200/v1/transit``.

+You can use custom ssl certs to authenticate with vault with help of
+following options::
+
+  rgw crypt vault verify ssl = true
+  rgw crypt vault ssl cacert = /etc/ceph/vault.ca
+  rgw crypt vault ssl clientcert = /etc/ceph/vault.crt
+  rgw crypt vault ssl clientkey = /etc/ceph/vault.key
+
+where vault.ca is CA certificate and vault.key/vault.crt are private key and ssl
+ceritificate generated for RGW to access the vault server. It highly recommended to
+set this option true, setting false is very dangerous and need to avoid since this
+runs in very secured enviroments.
+
 Transit engine compatibility support
 ------------------------------------
 The transit engine has compatibility support for previous