diff --git a/www/content/artifactory.md b/www/content/artifactory.md index 5fc3767d7..32b6ebdaf 100644 --- a/www/content/artifactory.md +++ b/www/content/artifactory.md @@ -88,6 +88,30 @@ If your instance is named `production`, you need to store the secret in the environment variable `ARTIFACTORY_PRODUCTION_SECRET`. The name will be transformed to uppercase. +### Server authentication + +You can authenticate your Artifactory TLS server adding a trusted X.509 +certificate chain in your configuration. + +The trusted certificate chain will be used to validate the server certificates. + +You can set the trusted certificate chain using the global `trusted_certificates` +setting and PEM encoded certificates on a YAML literal block like this: + +```yaml +trusted_certificates: | + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- +``` + ## Customization Of course, you can customize a lot of things: @@ -112,6 +136,13 @@ artifactories: checksum: true # Upload signatures (defaults to false) signature: true +# Certificate chain used to validate server certificates +trusted_certificates: | + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- ``` These settings should allow you to push your artifacts into multiple Artifactories. diff --git a/www/content/put.md b/www/content/put.md index be70d25f4..9d10cef2b 100644 --- a/www/content/put.md +++ b/www/content/put.md 
@@ -85,6 +85,30 @@ If your instance is named `production`, you need to store the secret in the environment variable `PUT_PRODUCTION_SECRET`. The name will be transformed to uppercase. +### Server authentication + +You can authenticate your TLS server adding a trusted X.509 certificate chain +in your configuration. + +The trusted certificate chain will be used to validate the server certificates. + +You can set the trusted certificate chain using the global `trusted_certificates` +setting and PEM encoded certificates on a YAML literal block like this: + +```yaml +trusted_certificates: | + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- +``` + ## Customization Of course, you can customize a lot of things: @@ -102,13 +126,20 @@ puts: # Default is `archive`. mode: archive # URL to be used as target of the HTTP PUT request - target: http://some.server/some/path/example-repo-local/{{ .ProjectName }}/{{ .Version }}/ + target: https://some.server/some/path/example-repo-local/{{ .ProjectName }}/{{ .Version }}/ # User that will be used for the deployment username: deployuser # Upload checksums (defaults to false) checksum: true # Upload signatures (defaults to false) signature: true +# Certificate chain used to validate server certificates +trusted_certificates: | + -----BEGIN CERTIFICATE----- + MIIDrjCCApagAwIBAgIIShr2zchZo+8wDQYJKoZIhvcNAQENBQAwNTEXMBUGA1UE + ...(edited content)... + TyzMJasj5BPZrmKjJb6O/tOtEIJ66xPSBTxPShkEYHnB7A== + -----END CERTIFICATE----- ``` These settings should allow you to push your artifacts into multiple HTTP servers.
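Review bot: In the new "Server authentication" section of www/content/artifactory.md (hunk at -88,6 +88,30), the text does not say whether the `trusted_certificates` chain is added to the system trust store or replaces it. "The trusted certificate chain will be used to validate the server certificates" can be read either way, and the difference matters to anyone who wants to pin uploads to a private CA. Suggest adding one sentence that states which behaviour applies, and what happens when the setting is left empty.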
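Review bot: In the Customization example of www/content/artifactory.md (hunk at -112,6 +136,13), `trusted_certificates: |` is appended directly after the last `artifactories:` item, so only its indentation shows that it is a top-level key and not a field of the instance above it. The prose calls it a global setting, but the example comment only says "Certificate chain used to validate server certificates". Suggest a blank line before the key and a comment that states it is a global, top-level setting, so that readers do not paste it inside an instance entry.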
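Review bot: In the "Server authentication" section of www/content/put.md (hunk at -85,6 +85,30), and in the matching section of artifactory.md, the two PEM blocks in the YAML example begin with the same `MIIDrjCCApagAwIBAgII...` line and end with the same `TyzMJasj5BPZ...` line, so the example reads as one certificate pasted twice and not as a chain. Suggest either a single block or a short YAML comment above each block saying which one is the intermediate and which is the root. A smaller wording point in the same hunk: "You can authenticate your TLS server adding a trusted X.509 certificate chain" reads better as "by adding".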
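Review bot: In the Customization example of www/content/put.md (hunk at -102,13 +126,20), the `target` changes from `http://some.server/...` to `https://some.server/...` without any explanation in the example or the surrounding text. Server certificate validation only happens on an `https://` target, so `trusted_certificates` has no effect on a plain `http://` one, and the example sits next to `username: deployuser` and the `PUT_PRODUCTION_SECRET` text. Suggest extending the `target` comment to say that an `https://` URL is needed for the trusted chain to apply.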