diff --git a/command/agent/command.go b/command/agent/command.go index f66924763..e059f8eb6 100644 --- a/command/agent/command.go +++ b/command/agent/command.go @@ -120,6 +120,15 @@ func (c *Command) readConfig() *Config { }), "vault-allow-unauthenticated", "") flags.StringVar(&cmdConfig.Vault.Token, "vault-token", "", "") flags.StringVar(&cmdConfig.Vault.Addr, "vault-address", "", "") + flags.StringVar(&cmdConfig.Vault.TLSCaFile, "vault-ca-file", "", "") + flags.StringVar(&cmdConfig.Vault.TLSCaPath, "vault-ca-path", "", "") + flags.StringVar(&cmdConfig.Vault.TLSCertFile, "vault-cert-file", "", "") + flags.StringVar(&cmdConfig.Vault.TLSKeyFile, "vault-key-file", "", "") + flags.Var((flaghelper.FuncBoolVar)(func(b bool) error { + cmdConfig.Vault.TLSSkipVerify = &b + return nil + }), "vault-tls-skip-verify", "") + flags.StringVar(&cmdConfig.Vault.TLSServerName, "vault-tls-server-name", "", "") if err := flags.Parse(c.args); err != nil { return nil @@ -915,6 +924,26 @@ Vault Options: Whether to allow jobs to be sumbitted that request Vault Tokens but do not authentication. The flag only applies to Servers. + -vault-ca-file= + The path to a PEM-encoded CA cert file to use to verify the Vault server SSL + certificate. + + -vault-ca-path= + The path to a directory of PEM-encoded CA cert files to verify the Vault server + certificate. + + -vault-cert-file= + The path to the certificate for Vault communication. + + -vault-key-file= + The path to the private key for Vault communication. + + -vault-tls-skip-verify= + Enables or disables SSL certificate verification. + + -vault-tls-server-name= + Used to set the SNI host when connecting over TLS. + Atlas Options: -atlas=