> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. > RegistryTLSConfig configures TLS for a registry endpoint. # RegistryTLSConfig ```yaml theme={null} apiVersion: v1alpha1 kind: RegistryTLSConfig name: my-private-registry.local:5000 # Registry endpoint to apply the TLS configuration to. ca: |- # CA registry certificate to add the list of trusted certificates. -----BEGIN CERTIFICATE----- MIID...IDAQAB -----END CERTIFICATE----- # # Enable mutual TLS authentication with the registry. # clientIdentity: # cert: |- # -----BEGIN CERTIFICATE----- # MIID...IDAQAB # -----END CERTIFICATE----- # key: |- # -----BEGIN PRIVATE KEY----- # MIIE...AB # -----END PRIVATE KEY----- ```
Field Type Description Value(s)
`name` string Registry endpoint to apply the TLS configuration to.

Registry endpoint is the hostname part of the endpoint URL,
e.g. 'my-mirror.local:5000' for '[https://my-mirror.local:5000/v2/](https://my-mirror.local:5000/v2/)'.

The TLS configuration makes sense only for HTTPS endpoints.
The TLS configuration will apply to all image pulls for this
registry endpoint, by Talos or any Kubernetes workloads.
`clientIdentity` CertificateAndKey Enable mutual TLS authentication with the registry.
Client certificate and key should be PEM-encoded.
`ca` string CA registry certificate to add the list of trusted certificates.
Certificate should be PEM-encoded.
`insecureSkipVerify` bool Skip TLS server certificate verification (not recommended).