Package io.quarkus.vault.runtime.config
Class VaultTlsConfig
java.lang.Object
    io.quarkus.vault.runtime.config.VaultTlsConfig
public class VaultTlsConfig extends Object
Field Summary
Fields

| Modifier and Type | Field | Description |
|---|---|---|
| Optional<String> | caCert | Certificate bundle used to validate TLS communications with Vault. |
| Optional<Boolean> | skipVerify | Allows bypassing certificate validation on TLS communications. |
| boolean | useKubernetesCaCert | If true and Vault authentication type is kubernetes, TLS will be active and the cacert path will be set to /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. |
Constructor Summary
Constructors

| Constructor | Description |
|---|---|
| VaultTlsConfig() | |
Field Detail
skipVerify
@ConfigItem public Optional<Boolean> skipVerify
Allows bypassing certificate validation on TLS communications. If true, TLS communications with Vault are allowed without checking the validity of the certificate presented by Vault. This is discouraged in production because it allows man-in-the-middle attacks.
caCert
@ConfigItem public Optional<String> caCert
Certificate bundle used to validate TLS communications with Vault. The path to a PEM bundle file, used if TLS is required and trusted certificates are not set through the javax.net.ssl.trustStore system property.
useKubernetesCaCert
@ConfigItem(defaultValue="true") public boolean useKubernetesCaCert
If true and the Vault authentication type is kubernetes, TLS will be active and the cacert path will be set to /var/run/secrets/kubernetes.io/serviceaccount/ca.crt. If set, this setting takes precedence over the property quarkus.vault.tls.ca-cert. This means that if the Vault authentication type is kubernetes and you want to use quarkus.vault.tls.ca-cert or the system property javax.net.ssl.trustStore, this property should be set to false.
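The precedence rule and the skipVerify warning above, shown as an application.properties sketch. This is an added example, not taken from the Quarkus Vault project; the Vault URL, role name and bundle path are constructed placeholders, and selecting Kubernetes authentication by setting a role is an assumption about the surrounding configuration.

```properties
# Added example. URL, role name and file path are constructed placeholders.
quarkus.vault.url=https://vault.example.internal:8200

# Assumption: setting a Kubernetes role selects the kubernetes authentication type.
quarkus.vault.authentication.kubernetes.role=my-app-role

# --- Pitfall -----------------------------------------------------------------
# With kubernetes authentication, use-kubernetes-ca-cert defaults to true.
# Vault's certificate is then validated against
#   /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
# and a ca-cert value set on its own is overridden:
#
#   quarkus.vault.tls.ca-cert=/etc/vault/tls/vault-ca.pem
#
# If Vault's certificate was not issued by the cluster CA, the TLS handshake
# fails even though a correct bundle is configured.

# --- Corrected: Vault certificate issued by a separate CA --------------------
# Turn the Kubernetes CA override off so the bundle below is the one used.
quarkus.vault.tls.use-kubernetes-ca-cert=false
quarkus.vault.tls.ca-cert=/etc/vault/tls/vault-ca.pem

# --- Weak setting, shown commented out ---------------------------------------
# Disables certificate validation entirely, so any certificate presented on the
# connection is accepted (the man-in-the-middle exposure described above).
# Fix a failing handshake by correcting the trust settings, not with this:
#
#   quarkus.vault.tls.skip-verify=true

# --- Corrected: validation stays on ------------------------------------------
quarkus.vault.tls.skip-verify=false
```

A review of deployed configuration can look for skip-verify=true in any active profile, and for ca-cert set under kubernetes authentication without use-kubernetes-ca-cert=false.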