Netplan supports advanced authentication settings for ethernet and wifi
interfaces, as well as individual wifi networks, by means of the auth block.

auth (mapping)

Specifies authentication settings for a device of type ethernets:, or
an access-points: entry on a wifis: device.

The auth block supports the following properties:

key-management (scalar)

The supported key management modes are none (no key management);
psk (WPA with pre-shared key, common for home wifi); eap (WPA
with EAP, common for enterprise wifi); and 802.1x (used primarily
for wired Ethernet connections).

password (scalar)

The password string for EAP, or the pre-shared key for WPA-PSK.

The following properties can be used if key-management is eap
or 802.1x:

method (scalar)

The EAP method to use. The supported EAP methods are tls (TLS),
peap (Protected EAP), and ttls (Tunneled TLS).

identity (scalar)

The identity to use for EAP.

anonymous-identity (scalar)

The identity to pass over the unencrypted channel if the chosen EAP
method supports passing a different tunnelled identity.

ca-certificate (scalar)

Path to a file with one or more trusted certificate authority (CA)

client-certificate (scalar)

Path to a file containing the certificate to be used by the client
during authentication.

client-key (scalar)

Path to a file containing the private key corresponding to

client-key-password (scalar)

Password to use to decrypt the private key specified in
client-key if it is encrypted.

phase2-auth (scalar) – since 0.99

Phase 2 authentication mechanism.