Epinio secures access to its API with TLS and basic authentication.
The installation process automatically creates and saves the necessary credentials (user, password) and certificates. The information is stored in Epinio's configuration, for pickup by other Epinio commands.
For a trial deployment the certificate securing the API will be generated by the underlying cluster, and self-signed, and its CA certificate is stored in the configuration to allow verification.
For a production-oriented deployment on the other hand, with a proper
--system-domain specified, the certificate is obtained from
Let's Encrypt instead. Nothing is stored in the
configuration in that case, as Let's Encrypt is a known CA.