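# e5s configuration file
# This single file is used by both server and client processes.
# Keys are nested under their section (spire / server / client); the
# indentation is significant, so keep each key under its parent.

spire:
  # Path to SPIRE Agent's Workload API socket
  # Default for SPIRE: unix:///tmp/spire-agent/public/api.sock
  # NOTE(review): this path is under /tmp. Confirm the socket directory is
  # created and owned by the SPIRE Agent, so that no other local account can
  # place a socket at this path before the agent starts.
  workload_socket: "unix:///tmp/spire-agent/public/api.sock"

  # (Optional) How long to wait for identity from SPIRE before failing startup
  # If not set, defaults to 30s
  # initial_fetch_timeout: 30s

server:
  # Address to listen on for mTLS connections
  # NOTE(review): no host is given, which normally means "all interfaces".
  # Bind to a specific address if the service should not be reachable on
  # every network the host is attached to.
  listen_addr: ":8443"

  # Client authorization policy (exactly one of these should be set)
  # How the loader treats "both set" or "neither set" is not visible in this
  # file; verify that it fails startup rather than accepting every client.
  #
  # Option 1: Allow ONLY this specific client SPIFFE ID
  # This is the least-privilege choice when the set of callers is known.
  # allowed_client_spiffe_id: "spiffe://example.org/workload-client"
  #
  # Option 2: Allow any client in this trust domain (used in this example)
  # Every workload that holds an identity in this trust domain is authorized,
  # so the policy is only as narrow as SPIRE's registration entries.
  allowed_client_trust_domain: "example.org"

client:
  # Server URL to connect to
  # Example: "https://localhost:8443/time" or "https://e5s-server:8443/api"
  server_url: "https://localhost:8443/time"

  # Server authentication policy (exactly one of these should be set)
  #
  # Option 1: Require this exact server SPIFFE ID
  # Pins the client to one server identity.
  # expected_server_spiffe_id: "spiffe://example.org/api-server"
  #
  # Option 2: Allow any server in this trust domain (used in this example)
  # Any workload in the trust domain is accepted as the server; prefer
  # Option 1 outside of examples and tests.
  expected_server_trust_domain: "example.org"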