Implement X.509 auth for MySQL and Barbican Change-Id: Ic724d0d3474f0d52c56638e8805b2f64dc21c120 Related-PROD: PROD-22738

commit: 6ccbafaef73835f58e901301c9f1f2c09f42533d [log] [tgz]
author: Oleksandr Shyshko <oshyshko@mirantis.com> Tue Sep 11 13:04:36 2018 +0300
committer: Vasyl Saienko <vsaienko@mirantis.com> Thu Sep 13 09:15:02 2018 +0000
tree: ca18dbde31e0a94f831ec92fba9f224ebf09c12e
parent: 60c8c2342244f3309a7dccbff9c753a501fda266 [diff] [blame]
diff --git a/README.rst b/README.rst
index 33aea5c..0f4e655 100644
--- a/README.rst
+++ b/README.rst

@@ -389,6 +389,28 @@
               encodeb64_payload: true
 
 
+Enable x509 and ssl communication between Barbican and Galera cluster.
+---------------------
+By default communication between Barbican and Galera is unsecure.
+
+barbican:
+  server:
+    database:
+      x509:
+        enabled: True
+
+You able to set custom certificates in pillar:
+
+barbican:
+  server:
+    database:
+      x509:
+        cacert: (certificate content)
+        cert: (certificate content)
+        key: (certificate content)
+
+You can read more about it here:
+    https://docs.openstack.org/security-guide/databases/database-access-control.html
 
 Documentation and Bugs
 ======================
commit	6ccbafaef73835f58e901301c9f1f2c09f42533d	[log] [tgz]
author	Oleksandr Shyshko <oshyshko@mirantis.com>	Tue Sep 11 13:04:36 2018 +0300
committer	Vasyl Saienko <vsaienko@mirantis.com>	Thu Sep 13 09:15:02 2018 +0000
tree	ca18dbde31e0a94f831ec92fba9f224ebf09c12e
parent	60c8c2342244f3309a7dccbff9c753a501fda266 [diff] [blame]