The trust relationship with external entities (remote environments, remote accounts…​).


additional_node_names (array[string])
A list of node names trusted in addition to those deducible from trust_allowlist and scope id. Allows trusting nodes that don't have a scoped name at the cost of maintaining the list. Mandatory if scope id is not defined.
certificates (array[TrustedCertificate], required)
The public ca certificate(s) to trust. Only one is required, but it is possible to specify multiple certificates in order to facilitate key rotation.
name (string, required)
a human readable name of the trust relationship
scope_id (string)
Usually an organization id or an environment id, but could really be any suitable suffix for clusters using the CA certificate of this trust. Required unless trust_all is false and trust_allowlist is empty.
trust_all (boolean, required)
If true, scope_id is required and the trust_allowlist is ignored and all clusters matching the scope id will be trusted.
trust_allowlist (array[string])
The list of clusters with matching scope to trust. Only used when trust_all is false. Providing one or more clusters makes scope_id mandatory.


   "additional_node_names" : [
   "certificates" : [
         "metadata" : {
            "fingerprint" : "string",
            "valid_from" : "2019-01-01T00:00:00Z",
            "valid_to" : "2019-01-01T00:00:00Z"
         "pem" : "string"
   "name" : "string",
   "scope_id" : "string",
   "trust_all" : true,
   "trust_allowlist" : [