Configure TLS
VaultCode exposes a REST API for interacting with it. For example, you can trigger an execution by POST-ing input to VaultCode, and you can fetch the public keys to verify the run output signatures. See the REST API documentation for details.
This guide explains how to securely expose this REST API.
In the application-xyz.yml configuration file, the server: section contains the relevant definitions.
Fill them out according to your needs, and then load the edited application-xyz.yml to the container.
server:
  # port VaultCode should listen on
  port: 2350
  ssl:
    # server certificate
    key-store: file:./config/tls/server-keystore.jks
    key-store-password: changeme
    key-store-type: JKS # JKS, PKCS12
    # mTLS client authentication
    trust-store: file:./config/tls/client-truststore.jks
    trust-store-password: changeme
    trust-store-type: JKS
    client-auth: need # need, none, want
To enable TLS, provide the key-store settings.
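A pre-deployment check for the server: section shown above, as an added example that is not part of VaultCode or its documentation. The function names parse_flat and audit are hypothetical, the sample is the config from this page, and the check assumes that client-auth: need is the only value that rejects clients without a certificate.

```python
import re

# Constructed sample: the example config from this page, placeholder passwords included.
SAMPLE = """\
server:
  port: 2350
  ssl:
    key-store: file:./config/tls/server-keystore.jks
    key-store-password: changeme
    key-store-type: JKS # JKS, PKCS12
    trust-store: file:./config/tls/client-truststore.jks
    trust-store-password: changeme
    trust-store-type: JKS
    client-auth: need # need, none, want
"""

def parse_flat(text):
    """Flatten the simple nested key/value YAML used here into dotted keys (not a full YAML parser)."""
    out, stack = {}, []  # stack holds (indent, key) for each enclosing section
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # leave sections we have dedented out of
            stack.pop()
        if value.strip():
            out[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return out

def audit(text):
    """Return a list of findings for the server.ssl settings (assumed semantics, see lead-in)."""
    cfg = parse_flat(text)
    ssl = {k[len("server.ssl."):]: v for k, v in cfg.items() if k.startswith("server.ssl.")}
    findings = []
    if not ssl.get("key-store"):
        findings.append("TLS disabled: server.ssl.key-store is not set")
    for k in ("key-store-password", "trust-store-password"):
        if ssl.get(k) == "changeme":
            findings.append(f"{k} still has the placeholder value from the example")
    mode = ssl.get("client-auth", "unset")
    if ssl.get("trust-store") and mode != "need":
        findings.append(f"trust-store is set but client-auth is '{mode}': mTLS is not enforced")
    if mode == "need" and not ssl.get("trust-store"):
        findings.append("client-auth is 'need' but no trust-store is configured")
    return findings
```

Run audit() on the edited application-xyz.yml before loading it to the container; an empty list means none of these four conditions were found.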