How to enable client authentication for Elasticsearch/Vector/HTTP sinks?

[0x25CBFC4F]

Hello.

Rules in my company declare mandatory TLS client certificate authentication.
How can I configure Vector sinks/sources to check said certificate?

For example: in Elasticsearch sink I can see parameters: tls.crt_file, tls.key_file.
Are they meant for server-side only use?

Documentation is unclear about that so I'd appreciate any help :)

[pront]

There is a bit more documentation here: https://vector.dev/docs/reference/configuration/tls/

If we take the ElasticSearch sink as an example, we use the provided tls settings and instantiate an secure HTTP client here for outgoing traffic:

vector/src/sinks/elasticsearch/config.rs

Line 544 in e44cd91

let client = HttpClient::new(common.tls_settings.clone(), cx.proxy())?;

When Vector is a source, it’s the server. When Vector is a sink, it’s the client.