elastic / package-registry

Elastic Package Registry (EPR)

How to specify the CA cert when running container?

perezjasonr opened this issue

Sorry, but I can't find anything in config.yaml, or the config.yaml reference, or in the docs. There are env vars for the cert and key, but I can't find anywhere what the CA env var could be.

I understand you can tell Kibana what CA to use via env var

NODE_EXTRA_CA_CERTS="/etc/kibana/certs/ca-cert.pem"

when connecting to the registry, but how do you first provide that CA (or any CA) to EPR? Or I must be missing some obvious step, sorry.
In the command below I only see key/cert, but no option to give it the ca-cert PEM mentioned above.

docker run -it -p 443:443 \
  -v /etc/ssl/package-registry.key:/etc/ssl/package-registry.key:ro \
  -v /etc/ssl/package-registry.crt:/etc/ssl/package-registry.crt:ro \
  -e EPR_ADDRESS=0.0.0.0:443 \
  -e EPR_TLS_KEY=/etc/ssl/package-registry.key \
  -e EPR_TLS_CERT=/etc/ssl/package-registry.crt \
  docker.elastic.co/package-registry/distribution:8.6.2

Sorry, but I can't find it documented anywhere. Is there an EPR_TLS_CA_CERT or something like that?

OK, so from a quick peek at the Golang I don't see a variable at all for the CA. It seems you just don't give it one, and the CA just goes to Kibana only. I'll try this, but please let me know if my conclusion is correct.

Hey @perezjasonr, what do you need to configure a CA in the registry for?
In principle, configuring the CA is only needed in clients of the registry, when the server uses certificates generated with custom CAs. So yeah, in principle in this case you only need to configure it in Kibana.
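The split described in the reply above can be checked with a short Go program. This is an added example, not part of the original thread and not package-registry code. The CA, the hostname `registry.test`, and the helpers `issue` and `Probe` are constructed for illustration. The server is given only a key and certificate, and the CA appears only in the client's trust pool.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http/httptest"
	"time"
)

// issue signs tmpl with the parent's key (self-signed when parent is nil).
func issue(tmpl, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	if parent == nil {
		parent, pk = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Probe returns the handshake error for a client that trusts the CA and for one that does not.
func Probe() (withCA, withoutCA error) {
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, Subject: pkix.Name{CommonName: "constructed CA"}}, nil, nil)
	leaf, leafKey := issue(&x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{"registry.test"}}, ca, caKey)
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS() // server side: key and cert only, as with EPR_TLS_KEY / EPR_TLS_CERT
	defer srv.Close()
	dial := func(roots *x509.CertPool) error {
		c, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "registry.test"})
		if err == nil {
			c.Close()
		}
		return err
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // client side: the role NODE_EXTRA_CA_CERTS plays for Kibana
	return dial(trusted), dial(x509.NewCertPool())
}
func main() { fmt.Println(Probe()) }
```

The empty pool in the second dial stands in for a client trust store that lacks the custom CA; that client rejects the handshake even though the server configuration is identical in both cases.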