TLS / certificates

in transit tls for agent ↔ control plane communication tls for web ui/api access tls for integration calls (git, observability, identity providers) enterprise requirements document support for custom ca trust bundles internal pki certificates (on prem) tls termination models (if self hosted) certificate rotation practices best practice never disable certificate verification in production rotate credentials/certs on schedule separate certs per environment where possible