Mutual TLS to origin

Store your client certificate and its private key in a Fastly secret store to enable mutual TLS (mTLS) on backend requests.


Use this solution in your Compute service:

  1. Rust
fastly = "0.9.2"
use fastly::backend::Backend;
use fastly::secret_store::{LookupError, SecretStore};
use fastly::{Error, Request, Response};
fn main(req: Request) -> Result<Response, Error> {
// Fetch the certificate from a secret store
let store = SecretStore::open("my_credentials_store")?;
// This is not actually a secret, but it's convenient to store it in
// the secret store, paired with the key.
let certificate_bytes = store
.ok_or_else(|| LookupError::InvalidSecretName("fastly_certificate".to_string()))?
let certificate = String::from_utf8(certificate_bytes)?;
// This is definitely a secret
let certificate_key = store
.ok_or_else(|| LookupError::InvalidSecretName("fastly_key".to_string()))?;
// mTLS is currently only supported on dynamic backends
let backend = Backend::builder("origin_0", "")
.provide_client_certificate(certificate, certificate_key)