diff --git a/docs/self-managed/zeebe-deployment/configuration/broker.md b/docs/self-managed/zeebe-deployment/configuration/broker.md index 31b92dac76d..9b8201ac895 100644 --- a/docs/self-managed/zeebe-deployment/configuration/broker.md +++ b/docs/self-managed/zeebe-deployment/configuration/broker.md @@ -160,11 +160,14 @@ network: ### zeebe.broker.network.security -| Field | Description | Example Value | -| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_ENABLED`. | false | -| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_CERTIFICATECHAINPATH`. | | -| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_PRIVATEKEYPATH`. | | +| Field | Description | Example Value | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------- | +| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_ENABLED`. | false | +| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_CERTIFICATECHAINPATH`. | | +| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_PRIVATEKEYPATH`. | | +| keyStore | Configures the keystore file containing both the certificate chain and the private key; currently only supports PKCS12 format. | | +| keyStore.filePath | The path for keystore file; This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_KEYSTORE_FILEPATH`. | /path/key.pem | +| keyStore.password | Sets the password for the keystore file, if not set it is assumed there is no password; This setting can also be overridden using the environment variable `ZEEBE_BROKER_NETWORK_SECURITY_KEYSTORE_PASSWORD` | changeme | #### YAML snippet @@ -173,6 +176,9 @@ security: enabled: false certificateChainPath: privateKeyPath: + keyStore: + filePath: + password: ``` ### zeebe.broker.network.commandApi diff --git a/docs/self-managed/zeebe-deployment/configuration/gateway.md b/docs/self-managed/zeebe-deployment/configuration/gateway.md index ac1593b8043..d3c9603ed7c 100644 --- a/docs/self-managed/zeebe-deployment/configuration/gateway.md +++ b/docs/self-managed/zeebe-deployment/configuration/gateway.md @@ -242,19 +242,25 @@ You can read more about intra-cluster security on [its dedicated page](../securi ::: -| Field | Description | Example value | -| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_ENABLED`. | false | -| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH`. | | -| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH`. | | +| Field | Description | Example value | +| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| enabled | Enables TLS authentication between this gateway and other nodes in the cluster. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_ENABLED`. | false | +| certificateChainPath | Sets the path to the certificate chain file. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_CERTIFICATECHAINPATH`. | | +| privateKeyPath | Sets the path to the private key file location. This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_PRIVATEKEYPATH`. | | +| keyStore | Configures the keystore file containing both the certificate chain and the private key; currently only supports PKCS12 format. | | +| keyStore.filePath | The path for keystore file; This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_KEYSTORE_FILEPATH`. | /path/key.pem | +| keyStore.password | Sets the password for the keystore file, if not set it is assumed there is no password; This setting can also be overridden using the environment variable `ZEEBE_GATEWAY_CLUSTER_SECURITY_KEYSTORE_PASSWORD` | changeme | #### YAML snippet ```yaml security: enabled: false - certificateChainPath: null - privateKeyPath: null + certificateChainPath: + privateKeyPath: + keyStore: + filePath: + password: ``` ### zeebe.gateway.cluster.security.authentication