From 2d2e04507b6c3b781fd0de0efa7fe3593d592355 Mon Sep 17 00:00:00 2001
From: Milo Beyene
Date: Tue, 22 Feb 2022 08:14:47 -0600
Subject: [PATCH] chore: Use Nomad ACL token instead of mTLS
---
 README.md | 4 ----
 axiomatic.nomad | 28 +++++----------------------
 2 files changed, 5 insertions(+), 27 deletions(-)
diff --git a/README.md b/README.md
index 19a58ce..0e3ab25 100644
--- a/README.md
+++ b/README.md
@@ -19,10 +19,6 @@ Axiomatic uses environment variables to override the default configuration value
 * AXIOMATIC_SSH_PRIV_KEY (**required**) is the private ssh key used for cloning repositories. It must be base64 encoded.
 * AXIOMATIC_SSH_PUB_KEY (**required**) is the public ssh key used for cloning repositories.
 * NOMAD_ADDR is the address of the Nomad server. Default = `http://127.0.0.1:4646`
-* NOMAD_CACERT is the path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate.
-* NOMAD_CAPATH is the path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate.
-* NOMAD_CLIENT_CERT Path to a PEM encoded client certificate for TLS authentication to the Nomad server.
-* NOMAD_CLIENT_KEY Path to an unencrypted PEM encoded private key matching the client certificate.
 * NOMAD_NAMESPACE is the target namespace for queries and actions. Default = `default`
 * NOMAD_REGION is region of the Nomad servers to forward commands.
 * NOMAD_TOKEN is the SecretID of an ACL token to use to authenticate API requests.
diff --git a/axiomatic.nomad b/axiomatic.nomad
index 813d951..8f06700 100644
--- a/axiomatic.nomad
+++ b/axiomatic.nomad
@@ -23,33 +23,15 @@ job "axiomatic" {
 AXIOMATIC_IP = "0.0.0.0"
 AXIOMATIC_PORT = "8181"
 GITHUB_SECRET = "you-deserve-what-you-get"
- NOMAD_CACERT = "/local/certs/nomad-ca.pem"
- NOMAD_CLIENT_CERT = "/local/certs/cli.pem"
- NOMAD_CLIENT_KEY = "/local/certs/cli-key.pem"
 }
 template {
 data = <