20035: Adds configuration to enable the use of encryped SSL private keys.

[arvados.git] / tools / salt-install / local.params.example.single_host_multiple_hostnames

diff --git a/tools/salt-install/local.params.example.single_host_multiple_hostnames b/tools/salt-install/local.params.example.single_host_multiple_hostnames
index b89ced9b5fac3ad87046bf254040016f7cc2b0ee..56ecf9f92e19b05a0b155fa9a35ef5fbaa90202f 100644 (file)
--- a/tools/salt-install/local.params.example.single_host_multiple_hostnames
+++ b/tools/salt-install/local.params.example.single_host_multiple_hostnames
@@ -58,6 +58,11 @@ SSL_MODE="self-signed"
 # See https://doc.arvados.org/intall/salt-single-host.html#bring-your-own for more information.
 # CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs"
 
+# Set the following to "yes" if the key files are encrypted and optionally set
+# a custom AWS secret name for each node to retrieve the password.
+SSL_KEY_ENCRYPTED="no"
+SSL_KEY_AWS_SECRET_NAME="${CLUSTER}-arvados-ssl-privkey-password"
+
 # The directory to check for the config files (pillars, states) you want to use.
 # There are a few examples under 'config_examples'.
 # CONFIG_DIR="local_config_dir"