diff --git a/README.md b/README.md index d0fbf3cc..08f3dc07 100644 --- a/README.md +++ b/README.md 
@@ -16,20 +16,20 @@ If `-config` is not specified, the default value `helper.conf` is assumed. ## Configuration The configuration file is an [HCL](https://github.com/hashicorp/hcl) formatted file that defines the following configurations: - |Configuration | Description | Example Value | - |--------------------------|------------------------------------------------------------------------------------------------| ------------- | - |`agent_address` | Socket address of SPIRE Agent. | `"/tmp/agent.sock"` | - |`cmd` | The path to the process to launch. | `"ghostunnel"` | - |`cmd_args` | The arguments of the process to launch. | `"server --listen localhost:8002 --target localhost:8001--keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"` | - |`cert_dir` | Directory name to store the fetched certificates. This directory must be created previously. | `"certs"` | - |`add_intermediates_to_bundle`| Add intermediate certificates into Bundle file instead of SVID file. | `true` | - |`renew_signal` | The signal that the process to be launched expects to reload the certificates. It is not supported on Windows. | `"SIGUSR1"` | - |`svid_file_name` | File name to be used to store the X.509 SVID public certificate in PEM format. | `"svid.pem"` | - |`svid_key_file_name` | File name to be used to store the X.509 SVID private key and public certificate in PEM format. | `"svid_key.pem"` | - |`svid_bundle_file_name` | File name to be used to store the X.509 SVID Bundle in PEM format. | `"svid_bundle.pem"` | - |`jwt_audience` | JWT SVID audience. | `"your-audience"` | - |`jwt_svid_file_name` | File name to be used to store JWT SVID in Base64-encoded string. | `"jwt_svid.token"` | - |`jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. 
| `"jwt_bundle.json"` | + | Configuration | Description | Example Value | + |-----------------------------|----------------------------------------------------------------------------------------------------------------| -------------------- | + |`agent_address` | Socket address of SPIRE Agent. | `"/tmp/agent.sock"` | + |`cmd` | The path to the process to launch. | `"ghostunnel"` | + |`cmd_args` | The arguments of the process to launch. | `"server --listen localhost:8002 --target localhost:8001--keystore certs/svid_key.pem --cacert certs/svid_bundle.pem --allow-uri-san spiffe://example.org/Database"` | + |`cert_dir` | Directory name to store the fetched certificates. This directory must be created previously. | `"certs"` | + |`add_intermediates_to_bundle`| Add intermediate certificates into Bundle file instead of SVID file. | `true` | + |`renew_signal` | The signal that the process to be launched expects to reload the certificates. It is not supported on Windows. | `"SIGUSR1"` | + |`svid_file_name` | File name to be used to store the X.509 SVID public certificate in PEM format. | `"svid.pem"` | + |`svid_key_file_name` | File name to be used to store the X.509 SVID private key and public certificate in PEM format. | `"svid_key.pem"` | + |`svid_bundle_file_name` | File name to be used to store the X.509 SVID Bundle in PEM format. | `"svid_bundle.pem"` | + |`jwt_audience` | JWT SVID audience. | `"your-audience"` | + |`jwt_svid_file_name` | File name to be used to store JWT SVID in Base64-encoded string. | `"jwt_svid.token"` | + |`jwt_bundle_file_name` | File name to be used to store JWT Bundle in JSON format. | `"jwt_bundle.json"` | ### Configuration example ```
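Review bot: In the `cmd_args` row, the example value still reads `--target localhost:8001--keystore certs/svid_key.pem` with no space before `--keystore`, and the re-aligned `+` line carries it over unchanged from the `-` line. Copied verbatim, the target address and the keystore flag run together into one argument. Since this row is being rewritten anyway, insert the space so the example is usable as written. Separately, the `svid_key_file_name` description says the file holds the "private key and public certificate", while `svid_file_name` is described as holding the public certificate. It is worth confirming which is accurate while the table is being touched. The `cert_dir` row could also state the permissions expected on the pre-created directory, because the private key file is written there.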