# Base URL of the CertWarden instance
# required
base_url: "https://certwarden.example.com"

# Set this to true if your CertWarden instance does not have a publicly trusted 
# TLS certificate (e.g. it has a self signed one)
# default is false
disable_certificate_validation: false

# define all managed certificates here
certificates:

    # name is a unique identifier that must start and end with an alphanumeric character, 
    # and can contain the following characters: a-zA-Z0-9._-
    # required
  - name: test-certificate.example.com

    # Contains the API-Key to fetch the certificate from the server
    # required
    cert_secret: examplekey_notvalid_hrzjGDDw8z

    # path where to save the certificate
    # required
    cert_path: "/path/to/test-certificate.example.com-cert.pem"

    # Contains the API-Key to fetch the private key from the server
    # required
    key_secret: examplekey_notvalid_hrzbbDDw8z

    # path where to save the private key
    # required
    key_path: "/path/to/test-certificate.example.com-key.pem"

    # action to run when certificate was updated or --force is on
    action: "/usr/bin/systemd reload caddy"