Hi,
I’m trying to confirm if there is a supported way to automate mTLS configuration for Cirrus Link MQTT Engine/Transmission in Ignition? My goal is to automate certificate provisioning and MQTT server setup from a deployment script instead of manually uploading/configuring everything through the UI.
When I upload a CA cert, client cert, or private key through the MQTT Engine UI for example, Ignition creates config files under:
data/config/resources/core/com.cirruslink.mqtt.engine.gateway/cert-file/
The config files contains the encrypted structure generated by the Secrets Management system (ciphertext, encrypted_key, iv, protected, tag, etc).
Questions
-
Is there a supported API to create MQTT certificate resources? I didn't see any MQTT Engine/Transmission cert endpoints in /openapi documentation and wanted to confirm if these resources are available elsewhere.
-
Can the Secrets Management encryption API (
system.secrets.encrypt) be used to generate the encrypted JSON for certificate and server resources? I'm unsure if the MQTT module will recognize resources created this way. -
And is directly writing resource files under
data/config/resources/...supported? If I generate the encrypted JSON myself and placed it in the correct folder structure, will the Gateway and the engine/transmission register it?
Any clarification or insights are appreciated.
Thanks