Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helm chart encryption docs minor formatting fixes #111 #112

Merged
merged 1 commit into from
Feb 20, 2024
+13 −12
Merged

Helm chart encryption docs minor formatting fixes #111 #112

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion documentation/asciidoc/topics/proc_adding_credentials.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Create {brandname} user credentials and assign roles that grant security authori

.Procedure

. Create credentials by specifying a `user create` command in the `deploy.security.batch` field.
. Create credentials by specifying the `user create` command in the `deploy.security.batch` field.
+
.User with implicit authorization
[source,yaml,options="nowrap",subs=attributes+]
Expand Down
23 changes: 12 additions & 11 deletions documentation/asciidoc/topics/proc_enabling_encryption.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,33 +5,34 @@
Encryption can be independently enabled for endpoint and cluster transport.

.Prerequisites

* A secret containing a certificate or a keystore. Endpoint and cluster should use different secrets.
* A credentials keystore containing any password needed to access the keystore. See <<Adding credentials keystore>>.

.Procedure

.Set the secret name in the deploy configuration

Provide the name of the secret containing the keystore.
. Set the secret name in the deploy configuration.
+
Provide the name of the secret containing the keystore:
+
[source,yaml,options="nowrap",subs=attributes+]
----
include::yaml/tls_secretname.yaml[]
----

.Enable cluster transport TLS

. Enable cluster transport TLS.
+
[source,yaml,options="nowrap",subs=attributes+]
----
include::yaml/transport_encryption.yaml[]
----
<1> Configures the transport stack to use the specified security-realm to provide cluster encryption.
<2> Configure the keystore path in the transport realm; secret is mounted at `/etc/encrypt/transport`.
<3> Configure the credentials keystore containing the needed password to open the keystore/truststore
<4> Configures the truststore with the same keystore, this allows the nodes to authenticate each other.

.Enable endpoint TLS

<2> Configure the keystore path in the transport realm. The secret is mounted at `/etc/encrypt/transport`.
<3> Configures the truststore with the same keystore allowing the nodes to authenticate each other.
<4> Alias and password must be provided in case the secret contains a keystore.

. Enable endpoint TLS.
+
[source,yaml,options="nowrap",subs=attributes+]
----
include::yaml/endpoint_encryption.yaml[]
Expand Down
Loading