-
When trying to sign a database certificate for configuring a self-hosted database by invoking
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Prior to Teleport version Starting from To generate these certs, user invoking the command must have permissions to impersonate the built-in Example allow rule: allow:
impersonate:
users: ["Db"]
roles: ["Db"] |
Beta Was this translation helpful? Give feedback.
Prior to Teleport version
6.2.1
only cluster admin could generate self-hosted database certificates by runningtctl auth sign
command locally on the auth server.Starting from
6.2.1
release, the command allows generating these certificates remotely as well, by leveraging Teleport's impersonation capabilities.To generate these certs, user invoking the command must have permissions to impersonate the built-in
Db
user/role representing a database node.Example allow rule: