You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello and thank you for very detailed tutorial.
Have a question related to keeping cert authority certificate,
As long as VAULT_CACERT=ca.pem is set the vault cluster can be accessed.
But, the cleanup script will remove old temporary files including the ca.pem
If this file is not persistent, you will end up adding -tls-skip-verify flag to vault commands; otherwise x509: certificate signed by unknown authority error will appear.
Question, can this cert file be fetched somehow later (similar we do with VAULT_TOKEN)?
Or, should the tutorial be updated to add an instruction how to encrypt the file and store it in the KMS key-ring?
The text was updated successfully, but these errors were encountered:
Hello and thank you for very detailed tutorial.
Have a question related to keeping cert authority certificate,
As long as
VAULT_CACERT=ca.pem
is set thevault
cluster can be accessed.But, the cleanup script will remove old temporary files including the
ca.pem
If this file is not persistent, you will end up adding
-tls-skip-verify
flag to vault commands; otherwisex509: certificate signed by unknown authority
error will appear.Question, can this cert file be fetched somehow later (similar we do with
VAULT_TOKEN
)?Or, should the tutorial be updated to add an instruction how to encrypt the file and store it in the KMS key-ring?
The text was updated successfully, but these errors were encountered: