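# Helm template
#
# Values for the `inject` section: pre-generated CA configuration,
# certificates and key material supplied to the chart instead of being
# generated at install time. Keys left empty below are placeholders
# (they parse as null) and must be filled in before use.
#
# NOTE(review): once filled in, this file holds private keys and passwords.
# Keep the populated copy out of version control and restrict who can read it.
inject:
  enabled: true
  # Config contains the configuration files ca.json and defaults.json
  config:
    files:
      ca.json:
        root: /home/step/certs/root_ca.crt
        federateRoots: []
        crt: /home/step/certs/intermediate_ca.crt
        key: /home/step/secrets/intermediate_ca_key
        # Loopback-only listener and SAN: as written, the CA is reachable
        # and valid only as 127.0.0.1. Adjust both together if it must
        # serve other hosts.
        address: 127.0.0.1:9000
        dnsNames:
          - 127.0.0.1
        logger:
          format: json
        db:
          type: badgerv2
          dataSource: /home/step/db
        authority:
          enableAdmin: false
          # Placeholder: no provisioners are listed in this template.
          provisioners:
        tls:
          # Only ECDHE-ECDSA suites with AEAD ciphers are allowed.
          cipherSuites:
            - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
            - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
          # Plain numeric scalars, as in the original. Quoting would turn
          # them into strings; confirm what the consumer expects first.
          minVersion: 1.2
          maxVersion: 1.3
          renegotiation: false

      defaults.json:
        # NOTE(review): no port is given here while ca.json listens on
        # 9000; confirm a port mapping exists or add the port.
        ca-url: https://127.0.0.1
        ca-config: /home/step/config/ca.json
        # Placeholder: presumably the fingerprint of the root CA
        # certificate, which clients use to pin the root. Verify the value
        # out of band against root_ca.crt when filling it in.
        fingerprint:
        root: /home/step/certs/root_ca.crt

  # Certificates contains the root and intermediate certificate and
  # optionally the SSH host and user public keys
  certificates:
    # intermediate_ca contains the text of the intermediate CA Certificate
    intermediate_ca: |


    # root_ca contains the text of the root CA Certificate
    root_ca: |


  # Secrets contains the root and intermediate keys and optionally the SSH
  # private keys
  secrets:
    # ca_password contains the password used to encrypt
    # x509.intermediate_ca_key, ssh.host_ca_key and ssh.user_ca_key
    # This value must be base64 encoded.
    # Base64 is an encoding, not encryption: treat the encoded value as
    # the password itself.
    ca_password:
    provisioner_password:

    x509:
      # intermediate_ca_key contains the contents of your encrypted
      # intermediate CA key
      intermediate_ca_key: |


      # root_ca_key contains the contents of your encrypted root CA key
      # Note that this value can be omitted without impacting the
      # functionality of step-certificates
      # If supplied, this should be encrypted using a unique password that
      # is not used for encrypting the intermediate_ca_key, ssh.host_ca_key
      # or ssh.user_ca_key.
      # Omitting it keeps the root key off the cluster entirely.
      root_ca_key: |
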