Add TLS server name to Vault stanza of Agent configuration #7519

Merged
merged 3 commits into from
Oct 29, 2019
Changes from 1 commit
6 changes: 6 additions & 0 deletions command/agent.go
Expand Up @@ -250,6 +250,12 @@ func (c *AgentCommand) Run(args []string) int {
Default: false,
EnvVar: api.EnvVaultSkipVerify,
})
c.setStringFlag(f, config.Vault.TLSServerName, &StringVar{
Name: flagTLSServerName,
Target: &c.flagTLSServerName,
Default: "",
EnvVar: api.EnvVaultTLSServerName,
})
}

infoKeys := make([]string, 0, 10)
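Review bot: No test in this diff covers the precedence that the new `c.setStringFlag(f, config.Vault.TLSServerName, ...)` call in `Run` depends on. The order between the config file value, `VAULT_TLS_SERVER_NAME` and the `tls-server-name` flag is decided inside the helper, which is not visible here. Please add a case that sets `tls_server_name` in the agent config and then overrides it through the environment variable and through the flag, so the behaviour the documentation promises is pinned down.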
1 change: 1 addition & 0 deletions command/agent/config/config.go
Expand Up @@ -34,6 +34,7 @@ type Vault struct {
TLSSkipVerifyRaw interface{} `hcl:"tls_skip_verify"`
ClientCert string `hcl:"client_cert"`
ClientKey string `hcl:"client_key"`
TLSServerName string `hcl:"tls_server_name"`
}

type Cache struct {
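Review bot: `TLSServerName` is appended after `ClientKey` in the `Vault` struct, away from the other TLS setting visible here, `TLSSkipVerifyRaw`. Keeping the two TLS fields next to each other would make the struct easier to scan. A config fixture that contains `tls_server_name` would also confirm the new `hcl` tag is parsed; none is visible in this diff.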
2 changes: 1 addition & 1 deletion command/base.go
Expand Up @@ -296,7 +296,7 @@ func (c *BaseCommand) flagSet(bit FlagSetBit) *FlagSets {
})

f.StringVar(&StringVar{
Name: "tls-server-name",
Name: flagTLSServerName,
Target: &c.flagTLSServerName,
Default: "",
EnvVar: api.EnvVaultTLSServerName,
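Review bot: In the `f.StringVar` call, `Name: flagTLSServerName` now sits directly above `Target: &c.flagTLSServerName`, so a package-level constant and a struct field share one identifier. It compiles, but it is easy to misread. A distinct constant name such as `flagNameTLSServerName` would keep the flag name and the flag target visibly apart.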
3 changes: 3 additions & 0 deletions command/commands.go
Expand Up @@ -88,6 +88,9 @@ const (
// flagNameTLSSkipVerify is the flag used in the base command to read in
// the option to ignore TLS certificate verification.
flagNameTLSSkipVerify = "tls-skip-verify"
// flagTLSServerName is the flag used in the base command to read in
// the TLS server name.
flagTLSServerName = "tls-server-name"
// flagNameAuditNonHMACRequestKeys is the flag name used for auth/secrets enable
flagNameAuditNonHMACRequestKeys = "audit-non-hmac-request-keys"
// flagNameAuditNonHMACResponseKeys is the flag name used for auth/secrets enable
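Review bot: The new constant `flagTLSServerName` does not follow the `flagName...` prefix used by its neighbours in this const block (`flagNameTLSSkipVerify`, `flagNameAuditNonHMACRequestKeys`). Naming it `flagNameTLSServerName` would match the convention. The comment could also say that the name is sent as the TLS SNI host, as the documentation entry does, rather than only "the TLS server name".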
4 changes: 4 additions & 0 deletions website/source/docs/agent/index.html.md
Expand Up @@ -85,6 +85,10 @@ configuration entries:
security of data transmissions to and from the Vault server. This value can
be overridden by setting the `VAULT_SKIP_VERIFY` environment variable.

- `tls_server_name (string: optional)` - Name to use as the SNI host when
connecting via TLS. This value can be overridden by setting the
`VAULT_TLS_SERVER_NAME` environment variable.

## Example Configuration

An example configuration, with very contrived values, follows:
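Review bot: The `tls_server_name` entry describes the value only as the SNI host. In Go's crypto/tls, the client `ServerName` is also the name the server certificate is verified against. If this setting is passed through to that field, the entry should state that it changes the expected certificate name as well, since operators will read it as a routing hint only. It would also help to note how it interacts with `tls_skip_verify`, which is documented just above.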