Merge pull request #2572 from hashicorp/docs-2571-cli-tls

Mention required cli config when using tls
2017-04-18 09:40:43 -07:00 · 2017-04-18 09:40:43 -07:00 · 25a2717a3b
parent 5a08ea7801 772f301b6b
commit 25a2717a3b
1 changed files with 21 additions and 0 deletions
--- a/website/source/docs/agent/encryption.html.md
+++ b/website/source/docs/agent/encryption.html.md
@ -51,6 +51,27 @@ TLS is used to secure the RPC calls between agents, but gossip between nodes is
 done over UDP and is secured using a symmetric key. See above for enabling
 gossip encryption.

+### Configuring the command line tool
+
+If you have HTTPS enabled for your Nomad agent, you must export environment
+variables for the command line tool to also use HTTPS:
+
+```sh
+# NOMAD_ADDR defaults to http://, so set it to https
+# Alternatively you can use the -address flag
+export NOMAD_ADDR=https://127.0.0.1:4646
+
+# Set the location of your CA certificate
+# Alternatively you can use the -ca-cert flag
+export NOMAD_CACERT=/path/to/ca.pem
+```
+
+Run any command except `agent` with `-h` to see all environment variables and
+flags. For example: `nomad status -h`
+
+Since HTTPS currently does not validate client certificates you do not need to
+give the command line tool access to any private keys.
+
 ## Encryption Examples

 ### TLS Configuration using `cfssl`