Is your feature request related to a problem? Please describe.
Currently the --insecure flag is overloaded to be both --http-only and --tls-skip-verify. This means that if you have a resource w/ a self-signed cert (like a OCI/Docker registry) Zarf will be unable to access that resource because it only requests over HTTP.
For 1.0 it would be beneficial if these flags were separated similar to other tools helm, oras.
Not sure if you want Helm's full blown CA support though:
--ca-file string verify certificates of HTTPS-enabled servers using this CA bundle
--cert-file string identify HTTPS client using this SSL certificate file
--insecure-skip-tls-verify skip tls certificate checks for the repository
--key-file string identify HTTPS client using this SSL key file
Agree with this and added a good first issue label. We can deprecate and hide the --insecure flag and have it set --http-only to true and --insecure-tls-skip-verify to true for any legacy users of --insecure.
Is your feature request related to a problem? Please describe.
Currently the
--insecure
flag is overloaded to be both--http-only
and--tls-skip-verify
. This means that if you have a resource w/ a self-signed cert (like a OCI/Docker registry) Zarf will be unable to access that resource because it only requests over HTTP.For 1.0 it would be beneficial if these flags were separated similar to other tools
helm
,oras
.Not sure if you want Helm's full blown CA support though: