Skip to content

Commit

Permalink
ita: updated trusted_certs_paths property documentation
Browse files Browse the repository at this point in the history
Updated Attestation Token Configuration section in documentation which describes supported trusted_certs_paths values:

- Local PEM file
- Valid URL (local and remote) pointing to JWKSet

Signed-off-by: Pawel Proskurnicki <[email protected]>
  • Loading branch information
pawelpros authored and fitzthum committed Sep 30, 2024
1 parent 3b7e73d commit 7df333d
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions kbs/docs/config.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,11 @@ The following properties can be set under the `attestation_token_config` section

>This section is available only when the `resource` feature is enabled.
| Property | Type | Description | Required | Default |
|----------------------------|---------------|-----------------------------------------------------|----------|-----------|
| `attestation_token_config` | String | Attestation token broker type. Valid values: `CoCo` | Yes | - |
| `trusted_certs_paths` | String Array | Trusted root certificates file paths (PEM format). | No | - |
| Property | Type | Description | Required | Default |
|----------------------------|--------------|-------------------------------------------------------------------------------------------------------------------------------------|----------|---------|
| `attestation_token_config` | String | Attestation token broker type. Valid values: `CoCo` | Yes | - |
| `trusted_certs_paths` | String Array | Trusted Certificates file (PEM format) or a valid Url (`file://` or `https://`) pointing to a JWKSet certificates (local or OpenID) | No | - |


If `trusted_certs_paths` is set, KBS will forcibly check the validity of the Attestation Token signature public key certificate,
if not set this field, KBS will skip the verification of the certificate.
Expand Down

0 comments on commit 7df333d

Please sign in to comment.