change vault ca docs to mention root cert ttl config (#11488)

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
FFMMM 2021-11-04 15:44:22 -07:00 committed by GitHub
parent 7fbf749bc4
commit 573ea1a95d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 3 deletions


@ -95,10 +95,13 @@ The configuration options are listed below.
- `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to - `RootPKIPath` / `root_pki_path` (`string: <required>`) - The path to
a PKI secrets engine for the root certificate. If the path does not a PKI secrets engine for the root certificate. If the path does not
exist, Consul will mount a new PKI secrets engine at the specified path with exist, Consul will mount a new PKI secrets engine at the specified path with the
`RootCertTTL` value as the root certificate's TTL. If the `RootCertTTL` is not set,
a [`max_lease_ttl`](https://www.vaultproject.io/api/system/mounts#max_lease_ttl) a [`max_lease_ttl`](https://www.vaultproject.io/api/system/mounts#max_lease_ttl)
of 8760 hours, or 1 year. This TTL value specifies the expiry period of the of 87600 hours, or 10 years is applied by default as of Consul 1.11 and later.
root certificate and is currently not configurable.
Prior to Consul 1.11, the root certificate TTL was set to 8760 hour, or 1 year, and
was not configurable.
- `IntermediatePKIPath` / `intermediate_pki_path` (`string: <required>`) - - `IntermediatePKIPath` / `intermediate_pki_path` (`string: <required>`) -
The path to a PKI secrets engine for the generated intermediate certificate. The path to a PKI secrets engine for the generated intermediate certificate.
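Review bot: The added text on the `RootPKIPath` entry mixes two different TTLs: it first says the mount is created "with the `RootCertTTL` value as the root certificate's TTL", then describes the unset case as a `max_lease_ttl` of 87600 hours. Please state explicitly whether `RootCertTTL` sets the mount's `max_lease_ttl`, the certificate's own TTL, or both, because operators planning root rotation need to know which value bounds the certificate lifetime. The new wording also covers only the case where the path does not exist, so it is worth saying what applies to an already mounted engine. `RootCertTTL` appears without the CamelCase / snake_case pair or a link to its own entry, unlike the other options in this list. Minor wording: "8760 hour" should be "8760 hours", "or 10 years is applied" needs a comma after "years", and "as of Consul 1.11 and later" reads better as "in Consul 1.11 and later".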