swanctl Directory

The swanctl configuration directory, usually /etc/swanctl, contains swanctl.conf and a predefined
set of sub-directories that provide file-based credentials, such as private keys and certificates, which are
read by the swanctl --load-creds command.

Since 5.7.2, these directories are accessed relative to the loaded swanctl.conf file (in particular, when
loading it from a custom location via the --file argument). The location of the swanctl directory, which
is used if --file is not used, may also be specified at runtime via the SWANCTL_DIR environment variable.

Each sub-directory is used for a specific kind of credential:

Directory   Contents
conf.d      Config snippets, included via include conf.d/*.conf in the default swanctl.conf file since 5.6.0
x509        Trusted X.509 end entity certificates
x509ca      Trusted X.509 Certificate Authority certificates
x509aa      Trusted X.509 Attribute Authority certificates
x509ocsp    Trusted X.509 OCSP signer certificates
x509crl     Certificate Revocation Lists
x509ac      Attribute Certificates
rsa         PKCS#1 encoded RSA private keys
ecdsa       Plain ECDSA private keys
pkcs8       PKCS#8 encoded private keys of any type
pkcs12      PKCS#12 containers
private     Private keys in any format
pubkey      Raw public keys

All files may be either DER or PEM encoded.
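
A permission audit over the private-key sub-directories listed above, as an added example that is not part of the strongSwan documentation. It assumes key files should be accessible to their owner only (a hardening assumption, not a statement from this page); the function name audit_swanctl_keys and the --audit switch are hypothetical.

```shell
#!/bin/sh
# Added example: report private-key files under the swanctl directory whose
# mode grants any access to group or others.

# Sub-directories that hold private key material, per the table above.
KEY_DIRS="rsa ecdsa pkcs8 pkcs12 private"

# audit_swanctl_keys [DIR]
#   DIR defaults to $SWANCTL_DIR and then to /etc/swanctl, the same
#   fallback order the page describes when --file is not used.
#   Prints one "too-open: PATH" line per finding.
#   Returns 1 if anything was found, 0 otherwise.
audit_swanctl_keys() {
    base="${1:-${SWANCTL_DIR:-/etc/swanctl}}"
    status=0
    for sub in $KEY_DIRS; do
        # A missing sub-directory simply holds no credentials of that kind.
        [ -d "$base/$sub" ] || continue
        # Match regular files with any group or other permission bit set.
        # Each octal test is POSIX "-perm -mode": true if that bit is set.
        hits=$(find "$base/$sub" -type f \
            \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
        [ -z "$hits" ] && continue
        printf '%s\n' "$hits" | sed 's/^/too-open: /'
        status=1
    done
    return "$status"
}

# Hypothetical switch so the file can be run directly:
#   sh audit.sh --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    audit_swanctl_keys "${2:-}"
fi
```

Certificate directories such as x509 and x509ca are skipped on purpose, since they hold public material.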