mirror of
https://github.com/digital-asset/daml.git
synced 2024-09-20 01:07:18 +03:00
Modify the name of the secrets-url CLI flag to tls-secrets-url [DPP-604] (#10840)
CHANGELOG_BEGIN Modify the name of the secrets-url CLI flag to tls-secrets-url. CHANGELOG_END
This commit is contained in:
parent
d809fd934a
commit
85f6f36fd0
@ -212,7 +212,7 @@ To enable TLS, you need to specify the private key for your server and the
|
||||
certificate chain via ``java -jar daml-on-sql-<version>.jar --pem server.pem --crt server.crt``.
|
||||
You can also supply private key as an encrypted (using a symmetric AES like algorithm)
|
||||
file with an ``.enc`` suffix.
|
||||
While doing so you also need to specify secrets server via ``--secrets-url`` flag
|
||||
While doing so you also need to specify secrets server via ``--tls-secrets-url`` flag
|
||||
which should serve decryption details as a JSON document like so:
|
||||
|
||||
.. code-block:: json
|
||||
@ -224,7 +224,7 @@ which should serve decryption details as a JSON document like so:
|
||||
"key_length" : 128
|
||||
}
|
||||
|
||||
Sample command to start a server with private key encrypted: ``java -jar daml-on-sql-<version>.jar --pem server.pem.enc --crt server.crt --secrets-url http://localhost:8080``.
|
||||
Sample command to start a server with private key encrypted: ``java -jar daml-on-sql-<version>.jar --pem server.pem.enc --crt server.crt --tls-secrets-url http://localhost:8080``.
|
||||
|
||||
By default, the Ledger API requires client authentication as well. You can set a
|
||||
custom root CA certificate used to validate client certificates via ``--cacrt ca.crt``.
|
||||
|
@ -225,7 +225,7 @@ conformance_test(
|
||||
"--crt $$(rlocation $$TEST_WORKSPACE/$(rootpath //ledger/test-common/test-certificates:server.crt))",
|
||||
"--cacrt $$(rlocation $$TEST_WORKSPACE/$(rootpath //ledger/test-common/test-certificates:ca.crt))",
|
||||
"--pem $$(rlocation $$TEST_WORKSPACE/$(rootpath //ledger/test-common/test-certificates:server.pem.enc))",
|
||||
"--secrets-url https://raw.githubusercontent.com/digital-asset/daml/main/ledger/test-common/files/server-pem-decryption-parameters.json",
|
||||
"--tls-secrets-url https://raw.githubusercontent.com/digital-asset/daml/main/ledger/test-common/files/server-pem-decryption-parameters.json",
|
||||
],
|
||||
test_tool_args = [
|
||||
"--verbose",
|
||||
|
@ -323,7 +323,7 @@ object Config {
|
||||
config.withTlsConfig(c => c.copy(keyFile = Some(new File(path))))
|
||||
)
|
||||
|
||||
opt[String]("secrets-url")
|
||||
opt[String]("tls-secrets-url")
|
||||
.optional()
|
||||
.text(
|
||||
"TLS: URL of a secrets service that provide parameters needed to decrypt the private key. Required when private key is encrypted (indicated by '.enc' filename suffix)."
|
||||
|
@ -66,7 +66,7 @@ final class ConfigSpec
|
||||
"some-jdbc-url",
|
||||
"--pem",
|
||||
"key.enc",
|
||||
"--secrets-url",
|
||||
"--tls-secrets-url",
|
||||
"http://aaa",
|
||||
)
|
||||
)
|
||||
|
@ -122,7 +122,7 @@ class CommonCliBase(name: LedgerName) {
|
||||
)
|
||||
)
|
||||
|
||||
opt[String]("secrets-url")
|
||||
opt[String]("tls-secrets-url")
|
||||
.optional()
|
||||
.text(
|
||||
"TLS: URL of a secrets service that provides parameters needed to decrypt the private key. Required when private key is encrypted (indicated by '.enc' filename suffix)."
|
||||
|
@ -124,7 +124,7 @@ abstract class CommonCliSpecBase(
|
||||
Array(
|
||||
"--pem",
|
||||
"key.enc",
|
||||
"--secrets-url",
|
||||
"--tls-secrets-url",
|
||||
"http://aaa",
|
||||
),
|
||||
_.copy(tlsConfig =
|
||||
|
Loading…
Reference in New Issue
Block a user