
Adding Custom Certificates

Learn how to configure Hanzo KMS with custom certificates

By default, the Hanzo KMS Docker image includes certificates from well-known public certificate authorities. However, some Hanzo KMS integrations may need to communicate with internal services whose certificates are issued by a private certificate authority. This is particularly useful for connecting Hanzo KMS to self-hosted services like GitLab. To configure trust for custom certificates, follow the steps below.

Prerequisites

  • Docker
  • Standalone Hanzo KMS image
  • Certificate public key .crt files

Setup

  1. Place all your public key .crt files into a single directory.
  2. Mount the directory containing the .crt files to the /usr/local/share/ca-certificates/ path in the Hanzo KMS container.
  3. Set the following environment variable on your Hanzo KMS container:
    NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
  4. Start the Hanzo KMS container.

By following these steps, your Hanzo KMS container will trust the specified certificates, allowing you to securely connect Hanzo KMS to your internal services.
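
A pre-flight check for the certificate directory from step 1, as an added example that is not part of the Hanzo KMS documentation. It assumes the container builds its bundle with update-ca-certificates (which reads only PEM-encoded files named *.crt) and that openssl is installed on the host; the function names and the ./certs path are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the directory from Setup step 1.
# Assumption (not stated on the page): the container builds
# /etc/ssl/certs/ca-certificates.crt with update-ca-certificates, which
# only picks up PEM-encoded files whose names end in .crt.

# check_cert FILE: print one verdict line; return 0 only if FILE is usable.
check_cert() {
  crt=$1
  case "$crt" in
    *.crt) ;;
    *) echo "SKIP   $crt: name does not end in .crt"; return 1 ;;
  esac
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$crt" 2>/dev/null; then
    echo "REJECT $crt: no PEM certificate block (DER-encoded or empty?)"; return 1
  fi
  if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
    echo "REJECT $crt: PEM block does not parse as X.509"; return 1
  fi
  if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
    echo "REJECT $crt: certificate has expired"; return 1
  fi
  # The page is about private CAs, so a leaf certificate is flagged.
  if ! openssl x509 -in "$crt" -noout -text | grep -q 'CA:TRUE'; then
    echo "REJECT $crt: not a CA certificate (no CA:TRUE basic constraint)"; return 1
  fi
  # Print subject and SHA-256 fingerprint so the operator can compare them
  # with values obtained out of band before trusting the CA.
  echo "OK     $crt: $(openssl x509 -in "$crt" -noout -subject -fingerprint -sha256 | tr '\n' ' ')"
}

# check_ca_dir DIR: check every regular file in DIR; return 0 only if the
# directory holds at least one file and all of them pass.
check_ca_dir() {
  seen=0; bad=0
  for entry in "$1"/*; do
    [ -f "$entry" ] || continue
    seen=$((seen + 1))
    check_cert "$entry" || bad=$((bad + 1))
  done
  [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh check-ca-dir.sh ./certs   (./certs is a hypothetical path)
if [ "$#" -gt 0 ]; then check_ca_dir "$1"; fi
```

Run it against the directory before mounting it; a file that is skipped or rejected here would not end up in the bundle that NODE_EXTRA_CA_CERTS points to, or would not be a usable trust anchor.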
