Readme update (#44)

* Add TLS to README * Add password rotation to README
canonical · Sep 22, 2022 · 946b48f · 946b48f
1 parent 6cfaacd
commit 946b48f
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -44,6 +44,18 @@ juju scale-application postgresql-k8s -n <number_of_units>
 ```
 The implementation of `scale-application` allows the operator to remove more than one unit. The functionality of `scale-application` functions by removing one replica at a time to avoid downtime.
 
+### Password rotation
+#### Charm users
+For users used internally by the Charmed PostgreSQL Kubernetes Operator an action can be used to rotate their passwords.
+```shell
+juju run-action postgresql-k8s/0 set-password username=<username> password=<password> --wait
+```
+Currently, the users used by the operator are `operator` and `replication`. Those users should not be used outside the operator.
+
+#### Related applications users
+
+To rotate the passwords of users created for related applications the relation should be removed and the application should be related again to the Charmed PostgreSQL Kubernetes Operator. That process will generate a new user and password for the application (removing the old user).
+
 ## Relations
 
 Supported [relations](https://juju.is/docs/olm/relations):
@@ -68,6 +80,23 @@ juju relate postgresql-k8s:db finos-waltz-k8s
 juju relate postgresql-k8s:db-admin discourse-k8s
 ```
 
+#### `tls-certificates` interface:
+
+The Charmed PostgreSQL Kubernetes Operator also supports TLS encryption on internal and external connections. To enable TLS:
+
+```shell
+# Deploy the TLS Certificates Operator. 
+juju deploy tls-certificates-operator --channel=edge
+# Add the necessary configurations for TLS.
+juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA" 
+# Enable TLS via relation.
+juju relate postgresql-k8s tls-certificates-operator
+# Disable TLS by removing relation.
+juju remove-relation postgresql-k8s tls-certificates-operator
+```
+
+Note: The TLS settings shown here are for self-signed-certificates, which are not recommended for production clusters. The TLS Certificates Operator offers a variety of configurations. Read more on the TLS Certificates Operator [here](https://charmhub.io/tls-certificates-operator).
+
 ## Security
 Security issues in the Charmed PostgreSQL Kubernetes Operator can be reported through [LaunchPad](https://wiki.ubuntu.com/DebuggingSecurity#How%20to%20File). Please do not file GitHub issues about security issues.