8000 Add TLS rotation to new features. (#335) · arangodb/docs@b171a17 · GitHub
[go: up one dir, main page]
Skip to content
This repository was archived by the owner on Dec 13, 2023. It is now read-only.

Commit b171a17

Browse files
neunhoefneunhoef
authored
Add TLS rotation to new features. (#335)
1 parent 16962ce commit b171a17

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

3.7/release-notes-new-features37.md

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,6 +94,19 @@ Additionally the `/_admin/server/jwt` API can be used to reload the JWT secrets
9494
of a local arangod process without having to restart it (hot-reload). This may
9595
be used to roll out new JWT secrets throughout an ArangoDB cluster.
9696

97+
### TLS key and certificate rotation
98+
99+
It is now possible to change the TLS keyfile (secret key as well as
100+
public certificates) at run time. The API `POST /_admin/server/tls`
101+
basically makes the `arangod` server reload the keyfile from disk.
102+
103+
Furthermore, one can query the current TLS setup at runtime with the
104+
`GET /_admin/server/tls` API. The public certificates as well as a
105+
SHA-256 hash of the private key is returned.
106+
107+
This allows [rotation of TLS keys and certificates](http/administration-and-monitoring.html#tls)
108+
without a server restart.
109+
97110
### Insert-Update
98111

99112
ArangoDB 3.7 adds an insert-update operation that is similar to the already

0 commit comments

Comments
 (0)
0