From fd7c424656251fe7af1a68df53b5800255b14bf5 Mon Sep 17 00:00:00 2001
From: Håkon Hallingstad <hakon@verizonmedia.com>
Date: Fri, 27 Sep 2019 15:46:05 +0200
Subject: Define flag to include SIS certificate in host-admin truststore

---
 flags/src/main/java/com/yahoo/vespa/flags/Flags.java | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'flags')

diff --git a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
index 8bb16e8f334..869a07822b1 100644
--- a/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
+++ b/flags/src/main/java/com/yahoo/vespa/flags/Flags.java
@@ -85,6 +85,12 @@ public class Flags {
             "Takes effect on next node agent tick. Change is orchestrated, but does NOT require container restart",
             HOSTNAME, APPLICATION_ID);
 
+    public static final UnboundBooleanFlag INCLUDE_SIS_IN_TRUSTSTORE = defineFeatureFlag(
+            "include-sis-in-truststore", false,
+            "Whether to use the trust store backed by Athenz and Service Identity certificates.",
+            "Takes effect on next tick, but may get throttled due to orchestration.",
+            HOSTNAME);
+
     public static final UnboundStringFlag TLS_INSECURE_MIXED_MODE = defineStringFlag(
             "tls-insecure-mixed-mode", "tls_client_mixed_server",
             "TLS insecure mixed mode. Allowed values: ['plaintext_client_mixed_server', 'tls_client_mixed_server', 'tls_client_tls_server']",
-- 
cgit v1.2.3