Transport Security (TLS)


Orchestrator instances require encrypted communication channels with integrated identity providers, secrets management systems, and peer Orchestrator nodes to maintain security boundaries and prevent credential exposure or man-in-the-middle attacks. The Maverics console lets you configure TLS for inbound connections to an Orchestrator from the Orchestrator Settings of a deployment.

  1. To edit the TLS configuration of an existing deployment, go to the Deployments screen and click a deployment.

  2. Scroll to TLS Settings under Orchestrator Settings and click the Edit button.

  3. Configure the following fields:

    Note that any TLS certificate and key files set through environment variables take precedence over the configuration specified here. If a value you set in the console does not appear to take effect, check the deployment's environment variables first.

    • TLS Cert File Path: The file path to your TLS certificate file. You can reference a secret in this field by wrapping its name in <> brackets.

    • TLS Key File Path: The file path to your TLS private key file. You can reference a secret in this field by wrapping its name in <> brackets. The key file should be readable only by the Orchestrator process; anyone who can read it can impersonate the listener.

  4. Min Version: Select the minimum TLS version the listener will accept. For security, only TLS 1.2 or higher can be specified. If not specified, the minimum TLS version defaults to TLS 1.2.

    • 1.2 (default): When using TLS 1.2, all ciphers listed under Enabled Ciphers are turned on and used by default. To allow only a subset, select just the ciphers you want the listener to accept. All ciphers under Enabled Insecure Ciphers are turned off by default and can be turned on individually by marking their check box; do this only for a specific legacy client that cannot be upgraded, since these suites weaken the protection the TLS 1.2 floor is meant to provide.

    • When using TLS 1.3, cipher suites are not configurable: the protocol defines its own fixed set of AEAD suites, so the Enabled Ciphers and Enabled Insecure Ciphers lists apply to TLS 1.2 negotiation only.
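The following is an added example, not code from this page or from the Orchestrator itself. It uses Go's standard crypto/tls package to show what the two settings above mean on the wire: a listener with a TLS 1.2 floor and an explicit TLS 1.2 cipher allow-list is probed by four clients, one below the floor, one with default suites, one that offers only a suite that is not on the list, and one that speaks TLS 1.3. The host name, the contents of the allow-list, the self-signed certificate and the loopback listener are all assumptions made for the example; a real deployment loads the certificate and key from the configured file paths.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

const serverName = "orchestrator.example.test" // hypothetical listener host name
// EnabledSuites stands in for the console's "Enabled Ciphers" allow-list; it is
// this example's own choice, not the product's actual list.
var EnabledSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
}

// NewServerConfig applies the version floor and the TLS 1.2 cipher allow-list to a
// listener (Go ignores CipherSuites once TLS 1.3 is negotiated). The certificate is a
// throwaway self-signed ECDSA P-256 leaf built in memory; the pool lets clients verify it.
func NewServerConfig(minVersion uint16, suites []uint16) (*tls.Config, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: minVersion, CipherSuites: suites}, pool, nil
}

// NewClientConfig builds a probe client pinned to one version range and, optionally,
// to an explicit set of TLS 1.2 suites (nil keeps Go's defaults).
func NewClientConfig(pool *x509.CertPool, minVer, maxVer uint16, suites []uint16) *tls.Config {
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: minVer, MaxVersion: maxVer, CipherSuites: suites}
}

// Probe runs one handshake over loopback TCP and reports what was negotiated; a
// non-nil error means the listener refused the client's offer.
func Probe(srv, cli *tls.Config) (tls.ConnectionState, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	go func() { // server side; the handshake outcome is observed by the client
		if conn, err := ln.Accept(); err == nil {
			_ = conn.SetDeadline(time.Now().Add(5 * time.Second))
			_ = conn.(*tls.Conn).Handshake()
			conn.Close()
		}
	}()
	dialer := &net.Dialer{Timeout: 5 * time.Second} // bounds both the dial and the handshake
	conn, err := tls.DialWithDialer(dialer, "tcp", ln.Addr().String(), cli)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer conn.Close()
	return conn.ConnectionState(), nil
}

func main() {
	srv, pool, err := NewServerConfig(tls.VersionTLS12, EnabledSuites)
	if err != nil {
		panic(err)
	}
	cbcOnly := []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA} // valid for TLS 1.2 but not on the list
	probes := []struct{ name string; cli *tls.Config }{
		{"TLS 1.1 client (below the floor)", NewClientConfig(pool, tls.VersionTLS11, tls.VersionTLS11, nil)},
		{"TLS 1.2 client, default suites", NewClientConfig(pool, tls.VersionTLS12, tls.VersionTLS12, nil)},
		{"TLS 1.2 client, non-enabled suite only", NewClientConfig(pool, tls.VersionTLS12, tls.VersionTLS12, cbcOnly)},
		{"TLS 1.3 client (allow-list not applied)", NewClientConfig(pool, tls.VersionTLS13, tls.VersionTLS13, nil)},
	}
	for _, p := range probes {
		if st, err := Probe(srv, p.cli); err != nil {
			fmt.Printf("%-42s rejected: %v\n", p.name, err)
		} else {
			fmt.Printf("%-42s negotiated 0x%04x / %s\n", p.name, st.Version, tls.CipherSuiteName(st.CipherSuite))
		}
	}
}
```

Run it with `go run .`: the TLS 1.1 probe and the CBC-only probe are refused by the listener, the default TLS 1.2 probe lands on one of the allow-listed suites, and the TLS 1.3 probe negotiates a TLS 1.3 AEAD suite that is not on the list at all, which is the behaviour the last bullet above describes. The same three checks can be run against a real Orchestrator listener with `openssl s_client` using its `-tls1_1`, `-tls1_2` and `-cipher` options.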