-
Notifications
You must be signed in to change notification settings - Fork 46
/
example-config.yaml
57 lines (57 loc) · 1.78 KB
/
example-config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
consoleme_url: https://path_to_consoleme:port
authentication_method: mtls # challenge or mtls
log_level: info
log_file: /path/to/log/file
log_format: tty
aws:
region: us-east-1
server:
http_timeout: 20
address: 127.0.0.1
port: 9091
enforce_imdsv2: false # Enforce use of a token in IMDS emulation mode (weep serve <role>)
service:
command: serve
flags: # Flags are CLI options
- --log-level
- debug
args: # Args are command arguments. This configuration will start the metadata service with credentials for roleName
- roleName
swag: # Optionally use SWAG (https://github.com/Netflix-Skunkworks/swag-api) for AWS account information
enabled: false
use_mtls: false
url: https://swag.example.com/api
#challenge_settings: # (Optional) Username can be provided. If it is not provided, user will be prompted on first authentication attempt
# user: [email protected]
mtls_settings: # only needed if authentication_method is mtls
old_cert_message: mTLS certificate is too old, please run [refresh command]
certs:
- mtls1.crt
- mtls2.crt
keys:
- mtls1.key
- mtls2.key
catrust: mtlsCA.pem
insecure: false
darwin: # weep will look in platform-specific directories for the three files specified above
- "/run/mtls/certificates"
- "/mtls/certificates"
- "$HOME/.mtls/certificates"
- "$HOME/.mtls"
linux:
- "/run/mtls/certificates"
- "/mtls/certificates"
- "$HOME/.mtls/certificates"
- "$HOME/.mtls"
windows:
- "C:\\run\\mtls\\certificates"
- "C:\\mtls\\certificates"
- "$HOME\\.mtls\\certificates"
- "$HOME\\.mtls"
metadata:
routes:
- path: latest/user-data
- path: latest/meta-data/local-ipv4
data: "127.0.0.1"
- path: latest/meta-data/local-hostname
data: ip-127-0-0-1.us-west-2.compute.pkg