Commit 43e9122

p-b--aider-chat-bot
andcommitted
docs: Improve README TLS and mTLS connection details
Co-authored-by: aider (gemini/gemini-2.5-flash) <aider@aider.chat>
1 parent 9410996 commit 43e9122

1 file changed

+16
-0
lines changed

README.md

Lines changed: 16 additions & 0 deletions
@@ -19,6 +19,22 @@ You can download the latest binary from the [release page](https://github.com/Se
1919
* Suggest using `install -m 0400 /dev/null /path/to/file`.
2020
* Add the VECTR credentials into the file in the form of: `<key_id>:<key_secret>`.
2121

22+
### Connecting to VECTR with TLS
23+
24+
By default, `vat` attempts to establish a secure TLS connection to the VECTR instance. If the instance uses a TLS certificate that is not trusted by your system's default certificate authorities (e.g., a certificate from a private or corporate CA), you must provide a way to validate it.
25+
26+
#### Using a Custom CA (`--ca-cert`)
27+
28+
The `--ca-cert` flag is the **secure** way to connect to a VECTR instance that has a custom or internally-issued TLS certificate. You provide the public certificate of the Certificate Authority (CA) that signed the server's certificate. `vat` will use this CA to validate the server's identity, ensuring a secure and encrypted connection. This is the recommended approach for production or sensitive environments.
29+
30+
#### Insecure Connections (`--insecure` or `-k`)
31+
32+
The `--insecure` flag disables all TLS certificate validation. This means `vat` will not verify the identity of the VECTR server, making the connection vulnerable to man-in-the-middle (MITM) attacks. This option should only be used for temporary testing against development environments where you understand and accept the security risks. It is a convenient but **insecure** alternative to using `--ca-cert`.
33+
34+
#### Mutual TLS (mTLS)
35+
36+
For environments requiring client-side authentication, you can use `--client-cert-file` and `--client-key-file`. These flags provide a client certificate and private key to the VECTR server, which verifies the client's identity before allowing a connection. This is often used in addition to `--ca-cert` for a fully authenticated and encrypted channel.
37+
2238
### Save Assessment Data
2339

2440
Save assessment data from a VECTR instance to an encrypted, compressed file:
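
Review bot: The Mutual TLS paragraph introduces `--client-key-file` without any guidance on protecting the private key, although the unchanged list items at the top of this hunk recommend `install -m 0400 /dev/null /path/to/file` for the credentials file. Suggest adding the same permission recommendation for the client key, and stating whether `--client-cert-file` and `--client-key-file` must always be supplied together. In the `--insecure` paragraph it would help to say explicitly that the `<key_id>:<key_secret>` credentials described above would then be presented to a server whose identity was never verified, since that is the concrete consequence of the MITM risk the text mentions. None of the three new sections shows an example invocation or names the expected certificate file format, so a reader still has to guess how to pass the flags.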
