cli: Introduce defaults for cert/key locations #6262
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Using the CLI with a secure cluster is tedious because it requires three separate security-related paths to be passed. This can be fixed by using environment variables, but it would be even better if there were defaults (defaults would also answer the question of "where should i put these files?").
One downside to supporting defaults here is that we lose the explicit signal that the user intended to use secure mode, so it would be difficult to reconcile with our default insecure mode. We'd probably have to make the
--insecureflag required again in this case, so we may want to postpone implementing this until we have a better handle on key management issues.For comparison, postgresql looks for keys by default in
~/.postgresql/{postgres.key,postgres.crt,root.crt}on the client side, and$DATADIR/{server.key,server.crt,root.crt}on the server. (in postgresql's terminology,root.crtcontains CA certificates like ourca.crt)The text was updated successfully, but these errors were encountered: