Skip to content

[Enhancement Request] Add support for mTLS in global artifact repository settings for air-gapped deployments #106

Description

@archset

Describe the enhancement:
Elastic endpoint currently allows a custom defined global artifacts base_url and verification of the server certificate of this url against a custom ca_cert. However, there are no configuration options for defining a client cert/key to provide full mTLS authentication.

Describe a specific use case for the enhancement or feature:
Deployment in air-gapped, secure environments with apache/nginx artifacts servers that require client certificate authentication. This aligns with the mTLS options for fleet, kibana, and elasticsearch and would result in more complete adoption of mTLS.

What is the definition of done?
Defend integration allows setting path variables to a PEM-encoded certificate and key for client auth. Elastic-endpoint uses the configured PEM files when downloading/refreshing artifacts.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions