Operations: Server: How to Generate a Client Certificate
-
You can generate a client certificate using CreateClientCertificateOperation.
-
Learn the rationale needed to properly define client certificates in The RavenDB Security Authorization Approach
Usage
const cert1 = await store.maintenance.server.send(
new CreateClientCertificateOperation([name], [permissions], [clearance], [password]));
SecurityClearance
options:
UnauthenticatedClients
ClusterAdmin
ClusterNode
Operator
ValidUser
DatabaseAccess
options:
ReadWrite
Admin
Parameters | ||
---|---|---|
name | string | Name of a certificate |
permissions | Record<string, DatabaseAccess> | Record mapping databases to access level |
clearance | SecurityClearance | Access level |
password | string | Optional certificate password, default: no password |
Return Value | |
---|---|
RawData | client certificate raw data |
Example I
// With user role set to Cluster Administrator or Operator the user of this certificate
// is going to have access to all databases
const clientCertificateOperation = await store.maintenance.server.send(
new CreateClientCertificateOperation("admin", {}, "Operator"));
const certificateRawData = clientCertificateOperation.rawData;
Example II
// when security clearance is ValidUser, you need to specify per database permissions
const clearance = {
[store.database]: "ReadWrite"
};
}
t clientCertificateOperation = await store.maintenance.server.send(
new CreateClientCertificateOperation("user1", clearance, "ValidUser", "myPassword"));
t certificateRawData = clientCertificateOperation.rawData;