Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TLS configuration #49

Open
tjcelaya opened this issue Dec 19, 2017 · 2 comments · May be fixed by #50
Open

Add TLS configuration #49

tjcelaya opened this issue Dec 19, 2017 · 2 comments · May be fixed by #50

Comments

@tjcelaya
Copy link
Contributor

As a result of the current implementation of #48, RPC traffic is exposed publicly and should therefore be encrypted. Since consul provides mechanisms to do so we should include a way to inject certs into the containers before consul can start in a similar fashion to how autopilotpattern/vault uses docker exec to bootstrap.

The proposed design is to check for CONSUL_TLS_PATH during preStart and if present, wait for a file to appear the the specified path. Gossip key configuration can be done by specifying CONSUL_ENCRYPT_PATH or CONSUL_ENCRYPT_BASE64.

@misterbisson
Copy link
Contributor

This is implemented in https://github.com/autopilotpattern/vault/

@tjcelaya
Copy link
Contributor Author

tjcelaya commented Dec 19, 2017

Right, the plan was to adapt the strategy describe in this section of the autopilotpattern/vault README to get the key material into the containers and use CONSUL_TLS_PATH to signal to ContainerPilot where the key will appear. Leaving that environment variable empty would indicate no TLS was being configured.

@tjcelaya tjcelaya linked a pull request Dec 21, 2017 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants