aboutsummaryrefslogtreecommitdiffstats
path: root/client/go/internal/cli/cmd/cert.go
diff options
context:
space:
mode:
Diffstat (limited to 'client/go/internal/cli/cmd/cert.go')
-rw-r--r--client/go/internal/cli/cmd/cert.go22
1 files changed, 15 insertions, 7 deletions
diff --git a/client/go/internal/cli/cmd/cert.go b/client/go/internal/cli/cmd/cert.go
index 5c1ed04ab4e..1cc50b1faea 100644
--- a/client/go/internal/cli/cmd/cert.go
+++ b/client/go/internal/cli/cmd/cert.go
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
// vespa cert command
// Author: mpolden
package cmd
@@ -21,8 +21,8 @@ func newCertCmd(cli *CLI) *cobra.Command {
)
cmd := &cobra.Command{
Use: "cert",
- Short: "Create a new private key and self-signed certificate for data-plane access with Vespa Cloud",
- Long: `Create a new private key and self-signed certificate for data-plane access with Vespa Cloud.
+ Short: "Create a new self-signed certificate for authentication with Vespa Cloud data plane",
+ Long: `Create a new self-signed certificate for authentication with Vespa Cloud data plane.
The private key and certificate will be stored in the Vespa CLI home directory
(see 'vespa help config'). Other commands will then automatically load the
@@ -32,8 +32,10 @@ package specified as an argument to this command (default '.').
It's possible to override the private key and certificate used through
environment variables. This can be useful in continuous integration systems.
-It's also possible override the CA certificate which can be useful when using self-signed certificates with a
-self-hosted Vespa service. See https://docs.vespa.ai/en/mtls.html for more information.
+It's also possible override the CA certificate which can be useful when using
+self-signed certificates with a self-hosted Vespa service.
+See https://docs.vespa.ai/en/operations-selfhosted/mtls.html for more
+information.
Example of setting the CA certificate, certificate and key in-line:
@@ -47,12 +49,18 @@ Example of loading CA certificate, certificate and key from custom paths:
export VESPA_CLI_DATA_PLANE_CERT_FILE=/path/to/cert
export VESPA_CLI_DATA_PLANE_KEY_FILE=/path/to/key
+Example of disabling verification of the server's certificate chain and
+hostname:
+
+ export VESPA_CLI_DATA_PLANE_TRUST_ALL=true
+
Note that when overriding key pair through environment variables, that key pair
will always be used for all applications. It's not possible to specify an
application-specific key.
-Read more in https://cloud.vespa.ai/en/security/guide`,
- Example: `$ vespa auth cert -a my-tenant.my-app.my-instance
+See https://cloud.vespa.ai/en/security/guide for more details.`,
+ Example: `$ vespa auth cert
+$ vespa auth cert -a my-tenant.my-app.my-instance
$ vespa auth cert -a my-tenant.my-app.my-instance path/to/application/package`,
DisableAutoGenTag: true,
SilenceUsage: true,