docs(workers): add documentation for pki worker cred encryption (#2397)

* docs(workers): add documentation for pki worker cred encryption
pull/2401/head
Irena Rindos 4 years ago committed by GitHub
parent 1cb287bdbe
commit 547e7a5970
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -22,6 +22,19 @@ worker {
}
```
## KMS Configuration
PKI Workers credentials can be encrypted by including an optional KMS stanza with the purpose `worker-auth-storage`.
Example (not safe for production!):
```hcl
kms "aead" {
purpose = "worker-auth-storage"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "worker-auth-storage"
}
```
~> **Note:** `name` and `description` fields are not valid config fields for PKI
workers. These fields are only valid for [KMS Workers][]. `name` and
`description` can only be set for PKI workers through the API.
@ -54,6 +67,15 @@ worker {
}
}
# The following KMS config is an example only
# Use a production KMS such as AWS KMS for production installs
kms "aead" {
purpose = "worker-auth-storage"
aead_type = "aes-gcm"
key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
key_id = "worker-auth-storage"
}
```
[kms workers]: /docs/configuration/worker/kms-worker

Loading…
Cancel
Save