Implement X.509 auth for MySQL and Keystone
Related-PROD: PROD-22748
Change-Id: I7d557bcb63f95a5f6afdc8d27fb2c6c5a7608362
diff --git a/README.rst b/README.rst
index a171ab2..7603911 100644
--- a/README.rst
+++ b/README.rst
@@ -845,6 +845,27 @@
Currently the default fernet rotation driver is a shared filesystem
+Enable x509 and ssl communication between Keystone and Galera cluster.
+---------------------
+By default communication between Keystone and Galera is unsecure.
+
+You able to set custom certificates in pillar:
+server:
+ database:
+ x509:
+ enabled: True
+
+keystone:
+ server:
+ database:
+ x509:
+ cacert (certificate content)
+ cert (certificate content)
+ key (certificate content)
+
+You can read more about it here:
+ https://docs.openstack.org/security-guide/databases/database-access-control.html
+
Documentation and Bugs
======================
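Review bot: The new README section will not render as intended: the `---------------------` underline is shorter than its title "Enable x509 and ssl communication between Keystone and Galera cluster.", which docutils reports as a too-short title underline, and the two pillar examples are plain paragraphs rather than a literal block, so their indentation is lost in the rendered output. Extend the underline to at least the title length and put each example under `.. code-block:: yaml`. In the examples themselves, the first one starts at `server:` without the `keystone:` parent that the second one uses, and `cacert (certificate content)`, `cert (certificate content)` and `key (certificate content)` have no colon, so they cannot be copied into a pillar as valid YAML; `key` is also described as certificate content although it holds the private key. It would help to state what `enabled: True` does when no custom `cacert`/`cert`/`key` is supplied, and to fix the wording of "You able to set" and "unsecure".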