# TLS Configuration

To enable TLS support for the service, perform the following steps:

1. Set `ENABLE_TLS` to true
2. Specify `cert`, `trust`, and `key` either through a **volume mount** (recommended) or the following **environment variables**.

{% hint style="warning" %}
In the event that both a volume mount and environment variables are provided, the volume mounted files will take precedence over the environment variables.
{% endhint %}

## Enable TLS Configuration

| Variable       | Mount Location                            | Default Value | Description                       | Type     |
| -------------- | ----------------------------------------- | ------------- | --------------------------------- | -------- |
| `ENABLE_TLS`   | -                                         | `false`       | `true` to enable TLS support      | `bool`   |
| `SERVER_TRUST` | `/gm-jwt-security/certs/server.trust.pem` | ""            | base64 encoded server trust store | `base64` |
| `SERVER_CERT`  | `/gm-jwt-security/certs/server.cert.pem`  | ""            | base64 encoded server certificate | `base64` |
| `SERVER_KEY`   | `/gm-jwt-security/certs/server.key.pem`   | ""            | base64 encoded server key         | `base64` |

## Questions

{% hint style="success" %}
**Need help?**

Create an account at [Grey Matter Support](https://support.greymatter.io/support/home) to reach our team.
{% endhint %}