Usability improvement suggestion: change --tls-cert and --tls-key flags (or, for backward compatibility, introduce --tls-cert-file and --tls-key-file) to take a file path to files storing the key and certificate, instead of requiring multi-line strings on the command line.
The reason for that is that a one-line string containing \n characters passed to --tls-cert or --tls-key will be incorrectly written to disk on the Concourse web instance, leading to the ATC and Grafana not starting up with an error since the tls_cert and tls_key files cannot be parsed. (This can happen, for instance, if someone does something similar to cat config.json | jq .concourse_key to re-use the previous key stored in the config.)
Alternatively, a conversion from \n to line breaks could be done before writing the tls_key and tls_cert files on the web nodes.
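The \n-to-line-break conversion suggested above, as an added example that is not part of the original issue or the project's code: it accepts a PEM value that arrived on one line (JSON-quoted, as jq prints it without -r, or with literal \n pairs), restores the line breaks, and rejects anything that is not well-formed PEM before it reaches disk. The names normalize_pem and write_pem are hypothetical, and the sample certificate is constructed.

```python
import base64
import json
import os
import re

# One armored block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.+?)\n-----END \1-----\n?", re.S)

# Constructed sample: the body is base64 of a marker string, not a real certificate.
_BODY = base64.b64encode(b"constructed sample body, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_BODY}\n-----END CERTIFICATE-----\n"


def normalize_pem(value: str) -> str:
    """Return multi-line PEM from a value that may have arrived on one line."""
    text = value.strip()
    # `jq .concourse_key` without -r prints a JSON string: quoted, "\n" escaped.
    if text.startswith('"') and text.endswith('"'):
        text = json.loads(text)
    # Literal backslash-n pairs left by shell quoting; also drop CR / "\r".
    text = text.replace("\\r", "").replace("\\n", "\n").replace("\r", "")
    text = text.strip() + "\n"
    blocks = PEM_BLOCK.findall(text)
    # Everything must be armored blocks (a chain is fine); no stray text.
    if not blocks or PEM_BLOCK.sub("", text).strip():
        raise ValueError("not PEM: missing or malformed BEGIN/END lines")
    for _label, body in blocks:
        # Raises binascii.Error (a ValueError) on non-base64 content.
        base64.b64decode("".join(body.split()), validate=True)
    return text


def write_pem(path: str, value: str) -> None:
    """Validate first, then write with owner-only permissions (key material)."""
    pem = normalize_pem(value)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)


if __name__ == "__main__":
    one_line = json.dumps(SAMPLE_PEM)  # what `jq .concourse_key` would print
    print(normalize_pem(one_line), end="")
```

The check covers only the PEM armor and base64 body; it does not parse the certificate or key itself.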