Self-Hosted: Tines Command Runner supports custom CA

Self-hosted |March 24th, 2026

Tines Command Runner (TCR) deployments can now trust custom certificate authorities when the service installs Python packages for script actions.

To do this we added support for the UV_NATIVE_TLS environment variable. When you set it to 1, the TCR passes --native-tls to uv pip install, so uv uses the container’s system TLS trust store instead of its bundled public roots. TCR's handling of custom certificates matches how many enterprises already install internal CAs:

Add certificates under /usr/local/share/ca-certificates/,
Run update-ca-certificates before the process starts (so they are merged into the system bundle), then
Enable UV_NATIVE_TLS on the command runner. Without UV_NATIVE_TLS uv will keep using its built-in roots, so extra CAs on the filesystem alone will not change package install trust.

When you configure on the command runner with the UV_NATIVE_TLS you should continue using your existing proxy or index settings.

More ‘Self-hosted’ updates

Deploy Tines with Helm Charts

Self-hosted |February 25, 2026

Other recent updates

Solutions

By product

Professional services

By team

Tines for

Partners

Blog

Tines Blog →

Discover & Learn

Workflow capability matrix

Case studies

Library

University

Tines Explained ^↗

Customer center

Join the team

Careers

Company

About

Tines Store ^↗