Auto TLS enables automatic TLS between Pomerium Core and Enterprise by deriving the certificate authority (CA) and server certificates from a
Auto TLS secures HTTPS and gRPC/TLS endpoints connecting the Console to the Databroker and Proxy services so you don’t have to manually generate certificates (it’s still an option for users who demand it).
How to configure
| Config file keys | Environment variables | Type | Usage | Default |
tls_derive is a bootstrap configuration setting and is not configurable in the Console.
When you set
- A CA is derived from the shared_secret and is added to the list of system default CAs
- An upstream route (to) server certificate signed by such a derived CA would be trusted
- The Databroker gRPC server would use a server certificate with a provided domain name and signed by a derived CA
# config file key
# environment variable
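The trust relationship in the list above can be sketched in Go; this is an added example, not Pomerium's code and not its actual derivation scheme. It shows two parties that hold the same secret rebuilding the same CA independently, so a server certificate issued on one side verifies on the other. Assumptions: the names deriveKey, Derive and Trusts, the HMAC-SHA256 labels, Ed25519 keys, and the secret and domain values are all constructed for illustration, and the trust pool holds only the derived CA rather than the system defaults plus the derived CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// deriveKey maps secret+label to an Ed25519 key; HMAC-SHA256 is this example's assumption.
func deriveKey(secret []byte, label string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(label))
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}
// Derive rebuilds the CA from secret (fixed serial and dates keep it reproducible) and issues a certificate for domain.
func Derive(secret []byte, domain string) (ca, leaf *x509.Certificate, err error) {
	caKey, srvKey := deriveKey(secret, "ca"), deriveKey(secret, "server:"+domain)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "derived CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: time.Unix(0, 0), NotAfter: time.Unix(1<<32, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, caKey.Public(), caKey)
	if err != nil {
		return nil, nil, err
	}
	if ca, err = x509.ParseCertificate(der); err != nil {
		return nil, nil, err
	}
	tpl = &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: domain}, DNSNames: []string{domain},
		NotBefore: ca.NotBefore, NotAfter: ca.NotAfter, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if der, err = x509.CreateCertificate(rand.Reader, tpl, ca, srvKey.Public(), caKey); err == nil {
		leaf, err = x509.ParseCertificate(der)
	}
	return ca, leaf, err
}
// Trusts reports whether a peer whose trust store holds ca accepts leaf for domain.
func Trusts(ca, leaf *x509.Certificate, domain string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: domain})
	return err == nil
}
func main() {
	ca, leaf, err := Derive([]byte("constructed-secret"), "databroker.example")
	fmt.Println(err, err == nil && Trusts(ca, leaf, "databroker.example"))
}
```

In this sketch the CA key is a function of the secret alone, so the secret needs the same protection as a CA private key.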