The number of TLS configuration flags needed to secure a backend is too high #3649

Closed
cwjohnston opened this issue Mar 26, 2020 · 5 comments


@cwjohnston
Contributor

Expected Behavior

For simple scenarios, only one certificate, key and trusted CA need be specified in the backend configuration to secure all listening ports.

Current Behavior

Securing all listening ports with a single TLS certificate/key pair requires providing values for the following parameters:

  • etcd-cert-file
  • etcd-key-file
  • etcd-trusted-ca-file
  • etcd-peer-cert-file
  • etcd-peer-key-file
  • etcd-peer-trusted-ca-file
  • cert-file
  • key-file
  • trusted-ca-file

Possible Solution

Allow cert-file, key-file and trusted-ca-file values to act as defaults for corresponding flags prefixed with etcd- and etcd-peer-.

Context

@echlebek
Contributor

Something we can address in 6.0!

@portertech
Contributor

I am concerned that setting a default value for the etcd keys could be problematic as it would force encryption when it may not be desired. Further discussion is needed, removing from the 6.0 milestone.

@portertech portertech removed this from the 6.0.0 milestone Jun 2, 2020
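
An added example, not the project's own code and not written by anyone in this thread: one way the proposed fallback from `cert-file`, `key-file` and `trusted-ca-file` to the `etcd-` and `etcd-peer-` groups could be resolved without forcing encryption on listeners that did not ask for it. The `Inherit` opt-in, the type and function names, and the file paths are all hypothetical or constructed.

```go
package main

import "fmt"

// TLSFiles holds the cert-file, key-file and trusted-ca-file values for one listener.
type TLSFiles struct{ Cert, Key, CA string }

// Listener is one prefixed flag group from the issue: "etcd-" or "etcd-peer-".
type Listener struct {
	Prefix   string
	Explicit TLSFiles // values given with the prefixed flags
	Inherit  bool     // hypothetical opt-in; false keeps the current behaviour
}

// Resolve returns the effective TLS files per prefix ("" is the unprefixed group).
func Resolve(shared TLSFiles, listeners []Listener) (map[string]TLSFiles, error) {
	out := map[string]TLSFiles{"": shared}
	for _, l := range listeners {
		eff := l.Explicit
		if l.Inherit {
			// Inherit cert and key only as a pair, so an explicit
			// certificate is never combined with the shared key.
			if eff.Cert == "" && eff.Key == "" {
				eff.Cert, eff.Key = shared.Cert, shared.Key
			}
			if eff.CA == "" {
				eff.CA = shared.CA
			}
		}
		// Half a key pair cannot serve TLS; refuse it instead of
		// silently starting the listener without encryption.
		if (eff.Cert == "") != (eff.Key == "") {
			return nil, fmt.Errorf("%scert-file and %skey-file must be set together", l.Prefix, l.Prefix)
		}
		out[l.Prefix] = eff
	}
	return out, nil
}

func main() {
	// Constructed sample paths.
	shared := TLSFiles{"/constructed/tls/cert.pem", "/constructed/tls/key.pem", "/constructed/tls/ca.pem"}
	eff, err := Resolve(shared, []Listener{
		{Prefix: "etcd-", Inherit: true},
		{Prefix: "etcd-peer-"}, // no opt-in: stays without TLS files
	})
	fmt.Println(eff, err)
}
```
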
@portertech
Contributor

Cyril's comment: "we intentionally split these out in response to user demand"

@portertech
Contributor

@cwjohnston I would like us to discuss this one before I close it.

@stale

stale bot commented Nov 29, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 29, 2020
@stale stale bot closed this as completed Dec 6, 2020