salt.grains.truststore#

Grain that reports which CA certificate store Salt is using for outbound HTTPS/TLS connections.

New in version 3008.0.

Possible values for the ca_truststore grain:

certifi

Default. Salt uses the certifi CA bundle (or a system bundle on Linux when one is found at a well-known path).

os

Salt has successfully injected the native OS certificate store via pip-system-certs (requires use_os_truststore: True in the minion configuration and the pip-system-certs package installed).

salt.grains.truststore.ca_truststore()#

Return the active CA trust store name as the ca_truststore grain.

Example grain value:

ca_truststore: certifi

or, when OS trust store is active:

ca_truststore: os
On this page