aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '090b2b28f8'
${ noResults }
boundary/website/content/docs/configuration/worker/pki-worker.mdx

64 lines
1.4 KiB
Raw Blame History

---
layout: docs
page_title: PKI Worker Configuration
description: |-
PKI worker-specific parameters.
---
## PKI Worker Configuration
PKI Workers authenticate to Boundary using a certificate-based method, allowing
for worker deployment without using a shared KMS.
PKI Workers require an accessible directory defined by `auth_storage_path` for
credential storage.
Example (not safe for production!):
```hcl
worker {
auth_storage_path="/boundary/demo-worker-1"
initial_upstreams = ["10.0.0.1"]
}
```
~> **Note:** `name` and `description` fields are not valid config fields for PKI
workers. These fields are only valid for [KMS Workers][]. `name` and
`description` can only be set for PKI workers through the API.
# Complete Configuration Example
```hcl
listener "tcp" {
purpose = "proxy"
tls_disable = true
address = "127.0.0.1"
}
worker {
# Path for worker storage. Must be unique across workers
auth_storage_path="/boundary/demo-worker-1"
# Workers typically need to reach upstreams on :9201
initial_upstreams = [
"10.0.0.1",
"10.0.0.2",
"10.0.0.3",
]
public_addr = "myhost.mycompany.com"
tags {
type = ["prod", "webservers"]
region = ["us-east-1"]
}
}
```
[kms workers]: /docs/configuration/worker/kms-worker
## Tutorial
Refer to the [Self-Managed Worker Registration with HCP Boundary](https://learn.hashicorp.com/tutorials/boundary/hcp-manage-workers) tutorial to learn how to register and manage PKI workers.
Reference in new issue View Git Blame Copy Permalink