From cf1028e90441b5bbb15103085c054504ac80c9b0 Mon Sep 17 00:00:00 2001 From: Peter Matulis Date: Tue, 23 Jun 2020 00:43:59 -0400 Subject: [PATCH] Point from Vault page to Cert page Change-Id: Icb335809742e2575328f0b3507571f18c7a63505 --- deploy-guide/source/app-vault.rst | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/deploy-guide/source/app-vault.rst b/deploy-guide/source/app-vault.rst index e41f1bb..a788c41 100644 --- a/deploy-guide/source/app-vault.rst +++ b/deploy-guide/source/app-vault.rst @@ -1,5 +1,6 @@ +================= Appendix C: Vault -============================== +================= Overview ++++++++ @@ -109,11 +110,10 @@ environment variable each time to point at the individual units. vault operator unseal djvVAAste0F5iSe43nmBs2ZX5r+wUqHe4UfUrcprWkyM vault operator unseal iSXHBdTNIKrbd3JIEI+n+q7j04Q4HPsQOHgk7apupttT - Authorize vault charm ~~~~~~~~~~~~~~~~~~~~~ -vault is now ready for use - however the charm needs to be authorized +Vault is now ready for use - however the charm needs to be authorized using a root token to be able to create secrets storage back-ends and roles to allow other applications to access vault for encryption key storage. @@ -149,6 +149,19 @@ After the action completes execution, the vault unit will go active and any pending requests for secrets storage will be processed for consuming applications. +Managing TLS certificates +~~~~~~~~~~~~~~~~~~~~~~~~~ + +Vault can be used to manage a deployment's TLS certificates, either by basing +them on a self-signed CA certificate (that Vault can generate by itself) or on +a third-party CA certificate that you can upload to Vault. It is the +recommended way to use TLS in Charmed OpenStack. This topic is covered on the +`Certificate lifecycle management`_ page. + +.. note:: + + The OVN charms require TLS certificates to be managed by Vault. + Enabling HA ~~~~~~~~~~~ 
@@ -239,3 +252,6 @@ and the appropriate unseal keys): vault operator unseal iSXHBdTNIKrbd3JIEI+n+q7j04Q4HPsQOHgk7apupttT The ``juju status`` command will return: ``active, Unit is ready...`` + +.. LINKS +.. _Certificate lifecycle management: app-certificate-management.html
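Review bot: the capitalization fix in the hunk at -109,11 +110,10 is only partial. The changed sentence now opens with "Vault" but still ends with "to access vault for encryption key storage", and the heading directly above it remains "Authorize vault charm". Suggest capitalizing the product name throughout this paragraph and heading, and keeping lowercase only where it refers to the charm or the ``vault`` command, so the page does not mix both forms within one sentence.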
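Review bot: in the new "Managing TLS certificates" section (hunk at -149,6 +149,19), the sentence "It is the recommended way to use TLS in Charmed OpenStack" has an ambiguous subject. The preceding sentence describes two options (a self-signed CA certificate generated by Vault, or an uploaded third-party CA certificate), so "It" can be read as referring to either option or to Vault itself. Suggest rewording to something like "Managing certificates with Vault is the recommended way to use TLS in Charmed OpenStack" so readers do not take the recommendation as applying to the self-signed option specifically.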
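Review bot: the link target added in the last hunk (-239,3 +252,6), ``.. _Certificate lifecycle management: app-certificate-management.html``, hard-codes the rendered file name. A plain hyperlink target like this is not checked at build time, so a rename of the certificate page or a non-HTML output format would break it silently. If the guide is built with Sphinx, consider replacing the named reference in the new section with a ``:doc:`` cross-reference to ``app-certificate-management``, which fails the build when the target is missing and makes the ``.. LINKS`` block unnecessary for this entry.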