search

silas / node-consul

Consul client
https://www.npmjs.com/package/consul
MIT License
560 stars 83 forks source link

Client TLS support #120

Closed mikehardenize closed 3 years ago

mikehardenize commented 3 years ago

Clients which connect to our consul cluster need to use client certificates signed by the clusters CA. I don't see any options in this library for using client certs.

mikehardenize commented 3 years ago

Hmm. I've got this working. Seems you can just pass cert and key options and they get passed through to papi which use them. I.e, the following works for me:

const consul = require('consul')({
  secure: true,
  ca:     await fs.readFile('/tls/ca.crt'),
  cert:   await fs.readFile('/tls/client.crt'),
  key:    await fs.readFile('/tls/client.key'),
  ...
});

I think this would be worth adding to the docs at the same location as the information about the "ca" option. I don't think it's that unusual to use client certs with consul.

silas commented 3 years ago

I added at note about the various tls options supported to the readme.

Thanks for reporting.