bless_deploy_example.cfg
# [Bless Options]: tuning values for certificate validity, entropy seeding and logging.
# This section and its options are optional
[Bless Options]
# Number of seconds +/- the issued time for the certificate to be valid.
# The window is applied on both sides of the issue time, so the total validity
# period is roughly twice this value. A larger value lengthens the time an issued
# certificate remains usable; keep it as small as clock skew between hosts allows.
certificate_validity_window_seconds = 120
# Minimum number of bits in the system entropy pool before requiring an additional seeding step
entropy_minimum_bits = 2048
# Number of bytes of random data to fetch from KMS to seed /dev/urandom
# (presumably this is the additional seeding step referred to above; confirm against the consumer)
random_seed_bytes = 256
# Set the logging level
# NOTE(review): check what the consumer logs at more verbose levels before raising this in production.
logging_level = INFO
# [Bless CA]: identifies the SSH CA private key and the KMS material that protects its password.
# These values are all required to be modified for deployment.
# Every <...> value below is a placeholder and must be replaced before use.
[Bless CA]
# AWS KMS key alias used to encrypt your private key password
kms_key_id = <alias/key_name>
# You must set an encrypted private key password for each AWS Region you deploy into.
# For each AWS region, specify a config option named '{}_password'.format(aws_region),
# for example us-east-1_password.
# The value is the KMS-encrypted, base64-encoded password for the CA private key;
# store only that ciphertext here, never the plaintext password.
# NOTE(review): presumably each region's value must be encrypted with the KMS key in that region - confirm.
us-east-1_password = <INSERT_US-EAST-1_KMS_ENCRYPTED_BASE64_ENCODED_PEM_PASSWORD_HERE>
us-west-2_password = <INSERT_US-WEST-2_KMS_ENCRYPTED_BASE64_ENCODED_PEM_PASSWORD_HERE>
# Specify the file name of your SSH CA's Private Key in PEM format.
# The placeholder calls for the encrypted PEM file; presumably it is the key
# protected by the password configured above - confirm. Do not point this at an
# unencrypted private key.
ca_private_key_file = <INSERT_YOUR_ENCRYPTED_PEM_FILE_NAME>