From 0d4850171db86bed48c4c1e5a475ceb190d44785 Mon Sep 17 00:00:00 2001
From: Justin Rich
Date: Fri, 10 May 2024 15:25:25 -0700
Subject: [PATCH 1/2] update cert configuration for dispatcher

---
 install-linux.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/install-linux.sh b/install-linux.sh
index cb5f72f..50734a7 100755
--- a/install-linux.sh
+++ b/install-linux.sh
@@ -248,6 +248,12 @@ update_config_files () {
 sed -i "/^sidecar-id:/c\sidecar-id: \"${CYRAL_SIDECAR_ID}\"" "$config_file"
 done
 
+ # Dispatcher Certificate configuration
+ sed -i "/^certs-directory:/c\certs-directory: \"${CYRAL_SIDECAR_CERT_DIRECTORY:-/etc/cyral/cyral-certificate-manager/bundles}\"" /etc/cyral/cyral-dispatcher/config.yaml
+ sed -i "/^cert-filename:/c\cert-filename: \"${CYRAL_SIDECAR_TLS_CERT:-cert-tls.pem}\"" /etc/cyral/cyral-dispatcher/config.yaml
+ sed -i "/^cert-key-filename:/c\cert-key-filename: \"${CYRAL_SIDECAR_TLS_PRIVATE_KEY:-key-tls.pem}\"" /etc/cyral/cyral-dispatcher/config.yaml
+ sed -i "/^ca-filename:/c\ca-filename: \"${CYRAL_SIDECAR_CA_CERT:-cert-tls.pem}\"" /etc/cyral/cyral-dispatcher/config.yaml
+
 # Push Client Config
 if [ -f "/etc/default/cyral-push-client" ]; then
 sed -i "/^ExecStartPre=/c\ExecStartPre=/bin/sh -c \"/bin/touch /var/log/cyral/cyral-push-client.log;/bin/sleep 30\"" /usr/lib/systemd/system/cyral-push-client.service

From 185b1a0081a9dcf5e262a26cf8f7a47f9ff569d9 Mon Sep 17 00:00:00 2001
From: Justin Rich
Date: Fri, 10 May 2024 16:16:15 -0700
Subject: [PATCH 2/2] update readme

---
 docs/certificates.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/certificates.md b/docs/certificates.md
index 931011c..83090f4 100644
--- a/docs/certificates.md
+++ b/docs/certificates.md
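Review bot: In the install-linux.sh hunk, the new `ca-filename` line defaults to `cert-tls.pem`, the same file `cert-filename` defaults to, so when `CYRAL_SIDECAR_CA_CERT` is unset the dispatcher is pointed at its own leaf certificate as the CA; if that is deliberate (a self-signed default bundle) say so with a comment like `# default bundle is self-signed: the leaf cert doubles as the CA`, otherwise name the real CA file. The docs patch in this series describes `CYRAL_SIDECAR_TLS_CERT` and `CYRAL_SIDECAR_TLS_PRIVATE_KEY` as the certificate and key themselves, while these lines write them verbatim into `cert-filename:`/`cert-key-filename:` inside a double-quoted YAML scalar; it looks worth confirming they carry bare file names and rejecting values with quotes, backslashes or newlines, so key material or a malformed value never lands in config.yaml. Unlike the push-client block that follows, the dispatcher lines are not guarded, e.g. `if [ -f /etc/cyral/cyral-dispatcher/config.yaml ]; then ... fi`, and the `/^key:/c\` form silently leaves the setting unset when the key is missing from the file. `update_config_files` starts and ends outside the hunk.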
@@ -8,8 +8,8 @@ environment variables:
 ```shell
 CYRAL_SIDECAR_TLS_CERT= # x509 TLS certificate
 CYRAL_SIDECAR_TLS_PRIVATE_KEY= # private key corresponding to TLS cert
-CYRAL_SIDECAR_CA_CERT= # x509 CA certificate
-CYRAL_SIDECAR_CA_PRIVATE_KEY= # private key corresponding to CA cert
+CYRAL_SIDECAR_CA_CERT= # CA Cert for TLS
+CYRAL_SIDECAR_CERT_DIRECTORY= # Directory for cert storage, defaults to /etc/cyral/cyral-certificate-manager/bundles
 ```
 
 Export the environment variables of your choice before running the script.