refactor: add missing PKCS12 support configuration
npepinpe committed Mar 7, 2025
1 parent fa1a262 commit 2d60107
Showing 2 changed files with 24 additions and 12 deletions.
16 changes: 11 additions & 5 deletions docs/self-managed/zeebe-deployment/configuration/broker.md
Expand Up @@ -160,11 +160,14 @@ network:

### zeebe.broker.network.security

| Field | Description | Example Value |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_ENABLED`. | false |
| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_CERTIFICATECHAINPATH`. | |
| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_PRIVATEKEYPATH`. | |
| Field | Description | Example Value |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------- |
| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_ENABLED`. | false |
| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_CERTIFICATECHAINPATH`. | |
| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_PRIVATEKEYPATH`. | |
| keyStore | Configures the keystore file containing both the certificate chain and the private key; currently only supports PKCS12 format. | |
| keyStore.filePath | The path for keystore file; This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_KEYSTORE_FILEPATH`. | /path/key.pem |
| keyStore.password | Sets the password for the keystore file, if not set it is assumed there is no password; This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_KEYSTORE_PASSWORD` | changeme |

#### YAML snippet
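
Review bot: The example value for `keyStore.filePath` in the new table row is `/path/key.pem`, which contradicts the `keyStore` row directly above it stating that only PKCS12 is supported. A PEM filename here invites readers to point the setting at a PEM key and then debug a keystore load failure; an example such as `/path/keystore.p12` would match the documented format. While touching this table, note that the `enabled` row on the broker page still reads "between this gateway and other nodes", which looks copied from the gateway page and should say "this broker".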

Expand All @@ -173,6 +176,9 @@ security:
enabled: false
certificateChainPath:
privateKeyPath:
keyStore:
filePath:
password:
```

### zeebe.broker.network.commandApi
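
Review bot: The snippet now lists `keyStore` next to `certificateChainPath` and `privateKeyPath` with no indication of how the two relate. The table describes the keystore as containing both the certificate chain and the private key, so readers need to know whether these are alternatives and what happens when both are set; a one-line statement in the table or a comment in the snippet would settle it. It is also worth pointing out beside `password:` that the value can be supplied through `ZEEBE_BROKER_NETWORK_SECURITY_KEYSTORE_PASSWORD`, so the keystore password does not have to be written into the YAML file.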
20 changes: 13 additions & 7 deletions docs/self-managed/zeebe-deployment/configuration/gateway.md
Expand Up @@ -242,19 +242,25 @@ You can read more about intra-cluster security on [its dedicated page](../securi

:::

| Field | Description | Example value |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_ENABLED`. | false |
| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH`. | |
| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH`. | |
| Field | Description | Example value |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_ENABLED`. | false |
| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH`. | |
| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH`. | |
| keyStore | Configures the keystore file containing both the certificate chain and the private key; currently only supports PKCS12 format. | |
| keyStore.filePath | The path for keystore file; This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_KEYSTORE_FILEPATH`. | /path/key.pem |
| keyStore.password | Sets the password for the keystore file, if not set it is assumed there is no password; This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_KEYSTORE_PASSWORD` | changeme |

#### YAML snippet

```yaml
security:
enabled: false
certificateChainPath: null
privateKeyPath: null
certificateChainPath:
privateKeyPath:
keyStore:
filePath:
password:
```

### zeebe.gateway.cluster.security.authentication
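
Review bot: The `keyStore.password` row uses `changeme` as its example value, and example values in a reference table tend to be copied into real configuration. Leaving the cell empty, as the `certificateChainPath` and `privateKeyPath` rows do, or using an obvious placeholder would avoid that. The same row is missing its closing period after the environment variable name, and both new rows join their sentences with "; This setting" where the existing rows use a period. The `/path/key.pem` example for `keyStore.filePath` has the same mismatch with the PKCS12-only statement as on the broker page.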
