Allow to disable instance identity via environment flag #552

Closed
x6j8x opened this issue Feb 14, 2018 · 1 comment
x6j8x commented Feb 14, 2018

When Diego instance identities are enabled, the Java buildpack automatically creates an identity keystore.

This can lead to unwanted complications in apps on an existing CF installation where this happens during a cf-deployment update.

Please introduce an environment flag that disables the creation of the instance identity keystore to enable app level control over this feature.

@nebhale nebhale self-assigned this Feb 14, 2018
@nebhale nebhale added this to the v4.9 milestone Feb 14, 2018
x6j8x commented Feb 15, 2018

@nebhale If I understand the patch correctly, this feature completely disables the security provider and not just the identity keystore. Is this correct?

If yes, then this is more than I asked for. The TrustManager mechanism should stay enabled.

@nebhale nebhale reopened this Feb 15, 2018
nebhale added a commit to cloudfoundry/java-buildpack-security-provider that referenced this issue Feb 15, 2018
Previously, the addition of the SecurityProvider to an application meant that
you always got both the KeyManager and TrustManager in that application
(although if certain artifacts were missing, these might be no ops).  There
are certain circumstances where you might want one or the other of the
managers though, so being able to disable them individually is useful.  This
change adds an inspection of the org.cloudfoundry.security.keymanager.enabled
and org.cloudfoundry.security.trustmanager.enabled properties to determine if
they should be disabled.  These properties default to true if unspecified.

[cloudfoundry/java-buildpack#552]