# Using Mutual TLS for Agents

You can configure protocol-mapper agents to use mutual TLS (mTLS) for secure communication with Connectware. In the following example setup, the agent connects via MQTT over a secure TLS connection (port 8883), requiring both client and CA certificates for mutual authentication. This approach ensures that both the server and the client verify each other's identities, adding an extra layer of security.

Additionally, the control plane connection will use mTLS, requiring a change to `CYBUS_CONTROLPLANE_URI`, using the `nats://` scheme as well as port `4222`.

The example shows how to configure environment variables such as `CYBUS_CONTROLPLANE_URI`, `CYBUS_MQTT_SCHEME`, `CYBUS_MQTT_PORT`, and `USE_MUTUAL_TLS`. It also explains how to mount certificates using Docker volumes to ensure secure communication between the agent and the server.

{% code lineNumbers="true" %}

```yaml
version: '2.0'
services:
    protocol-mapper-agent:
        image: registry.cybus.io/cybus/protocol-mapper:${IMAGE_TAG}
        environment:
            CYBUS_AGENT_MODE: distributed
            CYBUS_AGENT_NAME: myAgent
            CYBUS_MQTT_SCHEME: mqtts
            CYBUS_MQTT_HOST: 10.11.12.13
            CYBUS_MQTT_PORT: '8883'
            CYBUS_CONTROLPLANE_URI: nats://10.11.12.13:4222
            USE_MUTUAL_TLS: true
        volumes:
            - protocol-mapper-agent:/data
            - /mycerts:/connectware/certs/client
            - /myca:/connectware/certs/ca
        restart: unless-stopped
        network_mode: host
        hostname: <some-suitable-hostname>
volumes:
    protocol-mapper-agent:
```

{% endcode %}