Consul
Inline certificate configuration reference
This topic provides reference information for the inline certificate configuration entry. The inline certificate secures TLS for the Consul API gateway on VMs. In production environments, we recommend you use the more secure file system certificate configuration entry instead.
The inline certificate configuration entry is not used for Consul on Kubernetes deployments. To learn about configuring certificates for Kubernetes environments, refer to Gateway Resource Configuration.
Configuration model
The following list outlines field hierarchy, language-specific data types, and
requirements in an inline-certificate
configuration entry. Click on a property name
to view additional details, including default values.
Kind
: string | must be"inline-certificate"
Name
: string | no defaultNamespace
: string | no default EnterprisePartition
: string | no default EnterpriseMeta
: map | no defaultCertificate
: string | no defaultPrivateKey
: string | no default
Complete configuration
When every field is defined, an inline-certificate
configuration entry has the following form:
Kind = "inline-certificate"
Name = "<name of certificate>"
Meta = {
"<any key>" = "<any value>"
}
Certificate = "<public certificate>"
PrivateKey = "<private key>"
Specification
Kind
Specifies the type of configuration entry to implement.
Values
- Default: none
- This field is required.
- Data type: string that must equal
"inline-certificate"
Name
Specifies a name for the configuration entry. The name is metadata that you can use to reference the configuration entry when performing Consul operations, such as applying a configuration entry to a specific cluster.
Values
- Default: none
- This field is required.
- Data type: string
Namespace
Enterprise
Specifies the Enterprise namespace to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Partition
Enterprise
Specifies the Enterprise admin partition to apply to the configuration entry.
Values
- Default:
"default"
in Enterprise - Data type: string
Meta
Specifies an arbitrary set of key-value pairs to associate with the gateway.
Values
- Default: none
- Data type: map containing one or more keys and string values.
Certificate
Specifies the inline public certificate to use for TLS.
Values
- Default: none
- This field is required.
- Data type: string value of the public certificate
PrivateKey
Specifies the inline private key to use for TLS.
Values
- Default: none
- This field is required.
- Data type: string value of the private key
Examples
The following example demonstrates an inline certificate configuration.
Kind = "inline-certificate"
Name = "tls-certificate"
Certificate = "<complete-public-certificate>"
PrivateKey = "<complete-private-key>"