hashicorp / vault-service-broker

The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
https://www.vaultproject.io/
Mozilla Public License 2.0

How to add self-signed cert into the trust store? #7

Closed alwaysastudent closed 7 years ago

alwaysastudent commented 7 years ago

Is there a way to trust the self-signed cert that is being used in the vault service from this broker?

sethvargo commented 7 years ago

Hi @alwaysastudent

I'm not sure what you're asking here. We do not do any certificate generation in this service broker.

alwaysastudent commented 7 years ago

I have enabled TLS in the vault server with self signed certificates.

How can I tell the cf broker to use the specified certificate file to verify the peer? I can work around this by setting an env variable, but I'm not sure it is ideal.

cf set-env vault-broker VAULT_SKIP_VERIFY "true"

sethvargo commented 7 years ago

Hi @alwaysastudent

You would need to set some of the following environment variables in the broker to point to a valid certificate:

VAULT_CACERT
VAULT_CAPATH
VAULT_CLIENT_CERT
VAULT_CLIENT_KEY
VAULT_TLS_SERVER_NAME