The following are optional TLS settings:
- verify_host=ENABLE|DISABLE
- When enabled, verify that the certificate provided by the server has a Common Name (CN) field or a Subject Alternate Name
(SAN) field which matches the hostname in the URL that the mfsecretshashicorp vault provider is connecting to.
The default value is ENABLE.
For example, in the configuration file:
verify_host=ENABLE
- verify_peer=ENABLE|DISABLE
- When enabled, the mfsecretshashicorp vault provider will verify the authenticity of the server's certificate against the
certification authority (CA) certificates supplied to the ca_path config option.
The default value is ENABLE.
For example, in the configuration file:
verify_peer=ENABLE
- tls_protocol=TLSv1_0|TLSv1_1|TLSv1_2|TLSv1_3
- Specifies which TLS protocols the mfsecretshashicorp vault provider can use.
where:
- TLSv1_0
- TLS v1.0 or later. This is the default value.
- TLSv1_1
- TLS v1.1
- TLSv1_2
- TLS v1.2
- TLSv1_3
- TLS v1.3
For example, in the configuration file:
tls_protocol=TLSv1_3