diff --git a/content/boundary/v0.21.x/content/docs/workers/index.mdx b/content/boundary/v0.21.x/content/docs/workers/index.mdx index 41bac5d425..6fa080d16b 100644 --- a/content/boundary/v0.21.x/content/docs/workers/index.mdx +++ b/content/boundary/v0.21.x/content/docs/workers/index.mdx @@ -30,7 +30,7 @@ If you are using pre-0.15 workers with pre-0.15 upstream configurations, please ## Signals -The `SIGHUP` signal causes a worker to reload its configuration file to pick up any updates for the `initial_upstreams` and `tags` values. +The `SIGHUP` signal causes a worker to reload its configuration file to pick up any updates for the `initial_upstreams`, `tags`, and `ssh_known_hosts_path` values. Boundary ignores other updated values. The `SIGTERM` and `SIGINT` signals initiate a graceful shutdown on a worker. The worker waits for any sessions to drain diff --git a/content/boundary/v0.21.x/content/partials/configuration-reference/workers/common-worker-parameters.mdx b/content/boundary/v0.21.x/content/partials/configuration-reference/workers/common-worker-parameters.mdx index f22e681f80..226973b365 100644 --- a/content/boundary/v0.21.x/content/partials/configuration-reference/workers/common-worker-parameters.mdx +++ b/content/boundary/v0.21.x/content/partials/configuration-reference/workers/common-worker-parameters.mdx @@ -55,6 +55,10 @@ worker { `initial_upstreams`. This parameter is valid only for workers using the worker-led or controller-led registration method and for workers directly connected to HCP Boundary. +- `ssh_known_hosts_path` - Specifies the path of the `known_hosts` file that the worker uses to verify an SSH target's SSH host key. The path must already exist. If you do not provide a path, the + worker skips host key verification. On `SIGHUP`, the `known_hosts` file is reparsed and the new values are used. + SSH targets and SSH credential injection are Enterprise-only features. + - `recording_storage_path` - A path to the local storage for recorded sessions. Boundary stores session recordings in the local storage while they are in progress. When the session is complete, Boundary moves the local session recording to remote storage and deletes the local copy.