github.com/pachyderm/pachyderm@v1.13.4/doc/docs/1.11.x/deploy-manage/deploy/deploy_w_tls.md (about) 1 # Deploy Pachyderm with TLS 2 3 You can deploy your Pachyderm cluster with Transport Layer Security(TLS) 4 enabled to ensure your cluster communications are protected from external 5 attackers, and all the communication parties are verified by means of a 6 trusted certificate and a private key. For many organizations, TLS is a 7 security requirement that ensures integrity of their data. 8 Before you can enable TLS, you need to obtain a certificate from a trusted 9 CA, such as Let's Encrypt, Cloudflare, or other. 10 You can enable TLS during the deployment of your Pachyderm cluster by 11 providing a path to your CA certificate and your private key by using the 12 `--tls` flag with the `pachctl deploy` command. 13 14 ```shell 15 pachctl deploy <platform> --tls "<path/to/cert>,<path/to/key>" 16 ``` 17 18 !!! note 19 The paths to the certificate and to the key must be specified 20 exactly as shown in the example above — in double quotes, separated by 21 a comma, and without a space. 22 23 After you deploy Pachyderm, to connect through `pachctl` by using a 24 trusted certificate, you need to configure the `pachd_address` in the 25 Pachyderm context with the cluster IP address that starts with `grpcs://`. 26 You can do so by running the following command: 27 28 !!! example 29 ```shell 30 echo '{"pachd_address": "grpcs://<cluster-ip>:31400"}' | pachctl config 31 pachctl config update context `p config get active-context` --pachd_address "grpcs://<cluster-ip>:31400" 32 ``` 33 34 !!! note "See Also:" 35 36 - [Connect by using a Pachyderm context](../connect-to-cluster/#connect-by-using-a-pachyderm-context)