Document encrypted certificates feature of installer
Updated by Lucas Di Pentima 3 months ago
Updated by Peter Amstutz 3 months ago
Suggest minor text edits below, rest LGTM
Securing your TLS certificate keys (AWS specific) (optional)
When using SSL_MODE=bring-your-own, you can keep your TLS certificate keys encrypted on the server nodes. This reduces the risk of certificate leaks from node disk volume snapshots or backups.
This feature is currently implemented in AWS by providing the certificate keys’ password via Amazon’s Secrets Manager service, and installing appropriate services on the nodes that provide this password to nginx via a file that only lives in system RAM.
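
One way to check the two properties described above on a node, as an added example that is not part of the ticket or the installer's own code: the key on disk is encrypted, and the password file sits on a RAM-backed filesystem. The paths, the sample PEM text and the sample mount table are constructed for illustration.

```python
import os

RAM_FS_TYPES = {"tmpfs", "ramfs"}

# Constructed sample in /proc/mounts format (not taken from a real node).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""

# Constructed PEM skeletons; the bodies are placeholders, not real keys.
ENCRYPTED_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n-----END ENCRYPTED PRIVATE KEY-----\n"
PLAIN_KEY = "-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n"


def fs_type_for(path, mounts_text):
    """Return the filesystem type of the longest mount point containing path."""
    path = os.path.normpath(path)
    best, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fs_type = fields[1], fields[2]
        prefix = mount_point.rstrip("/") + "/"
        inside = path == mount_point or path.startswith(prefix)
        # ">=" lets a later mount over the same mount point win.
        if inside and len(mount_point) >= len(best):
            best, best_type = mount_point, fs_type
    return best_type


def key_is_encrypted(pem_text):
    """Recognise PKCS#8 encrypted keys and legacy OpenSSL encrypted PEM."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


def audit(key_pem, password_path, mounts_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not key_is_encrypted(key_pem):
        findings.append("private key is stored unencrypted")
    fs_type = fs_type_for(password_path, mounts_text)
    if fs_type not in RAM_FS_TYPES:
        findings.append(f"password file is on {fs_type}, not a RAM-backed filesystem")
    return findings
```

On a real node, pass the contents of `/proc/mounts` and the key file instead of the samples. Note that tmpfs pages can be written to swap, so a tmpfs mount keeps the password off disk only when swap is disabled or encrypted.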