Quarkus Rest Client MTLS configuration guide about quarkus HOT 14 OPEN

The only documentation I have found is in the MicroProfile Rest Client documentation.

• https://download.eclipse.org/microprofile/microprofile-rest-client-2.0/microprofile-rest-client-spec-2.0.html#_trust_store
• https://download.eclipse.org/microprofile/microprofile-rest-client-2.0/microprofile-rest-client-spec-2.0.html#_key_store

Should probably be configured as follows (#22293 (comment) and https://quarkus.io/blog/quarkus-mutual-tls/#configure-microprofile-rest-client-for-mutual-tls):

# truststore config
org.acme.client.mtls.GreetingService/mp-rest/trustStore=classpath:/META-INF/resources/client.truststore.p12
org.acme.client.mtls.GreetingService/mp-rest/trustStoreType=PKCS12 # or JKS
org.acme.client.mtls.GreetingService/mp-rest/trustStorePassword=password

# keystore config
org.acme.client.mtls.GreetingService/mp-rest/keyStore=classpath:/META-INF/resources/client.keystore.p12
org.acme.client.mtls.GreetingService/mp-rest/keyStoreType=PKCS12 # or JKS
org.acme.client.mtls.GreetingService/mp-rest/keyStorePassword=password

from quarkus.

As an alternative you could use the vert.x web client: https://quarkus.io/guides/vertx#using-vert-x-clients

WebClientOptions options = new WebClientOptions()
    .setSsl(true)
    .setPemKeyCertOptions(new PemKeyCertOptions()
        .addCertPath("path/to/cert.pem")
        .setKeyPath("path/to/key.pem"))
    .setTrustOptions(new PemTrustOptions()
        .addCertPath("path/to/cert.pem"));

WebClient client = WebClient.create(vertx, options);

from quarkus.

Let's wait until the new mechanism is in place before adding anything, or I will have to change it in a few weeks.

from quarkus.

/cc @cescoffier (rest-client), @geoand (rest-client), @radcortez (config)

from quarkus.

The configuration is likely going to change (the current one will still be working) following the TLS config centralization work.

from quarkus.

Hi @cescoffier

But where is the current doc?

from quarkus.

@leaqui https://quarkus.io/guides/security-authentication-mechanisms#mutual-tls

from quarkus.

but this is for client-side?

from quarkus.

You are right, my fault.

from quarkus.

Also, properties are listed at: https://es.quarkus.io/guides/all-config#quarkus-rest-client-config_quarkus-rest-client-config-rest-clients-config

But I think lost MTLS configuration doc (or a link to) at REST client guide is useful.

from quarkus.

Do you remember anything from the docs contents so we can look through the git history?

from quarkus.

I'm sure it was at https://quarkus.io/guides/rest-client but I can't find it at history.

I think the section title was something like Mutual - TLS

The section had a configuration block with properties like:
quarkus.rest-client.config-key.trust-store
quarkus.rest-client.config-key.trust-store-password

quarkus.rest-client.config-key.key-store
quarkus.rest-client.config-key.key-store-password

Similar to https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls

from quarkus.

I had no luck in locating it unfortunately

from quarkus.

No matter, I think adding something like https://es.quarkus.io/guides/security-openid-connect-client-reference#mutual-tls would be fine.

from quarkus.