Description
In the 2019-05-04 Jaeger security audit, the auditors wrote:
no actual security threats have been identified and only a handful of miscellaneous issues could be spotted.
However, the auditors were concerned with the lack of the actual security mechanisms:
Everywhere in the codebase and in terms of key properties, a correct and complete configuration of the deployment and execution environment is a precondition and main approach. Such a complete reliance on perimeter-security calls the generally accepted industry practice of defense-in-depth into question.
This issue is a checklist of the existing security mechanisms in Jaeger, and any remaining gaps. It is broken into pairwise connections between Jaeger components.
Please refer to the Security page in the Jaeger documentation for instructions on securing a Jaeger installation.
Client to Agent
Agent is deprecated (#1718).
- UDP channels - no TLS/authentication
- HTTP config channel - Support TLS and mTLS in collector and query HTTP servers #2249
Client to Collector
- HTTP - Support TLS and mTLS in collector and query HTTP servers #2249
- Note: some clients support passing auth tokens or basic auth credentials, which can be enforced by a reverse proxy placed in front of the collectors.
- Blog post: Secure architecture for Jaeger with Apache httpd reverse proxy on OpenShift
Agent to Collector
Agent is deprecated (#1718).
- gRPC - TLS with client cert authentication supported
Collector/Query to Storage
- Cassandra - TLS with client cert authentication supported; bearer token propagation
- Elasticsearch - TLS with client cert authentication supported; bearer token propagation
- Kafka - Kerberos authentication supported
Browser to UI
- HTTP - TLS (Support TLS and mTLS in collector and query HTTP servers #2249)
- HTTP - authentication ([Feature]: Authentication support for Jaeger UI #4840)
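The recurring mechanism in this checklist is TLS with client certificate authentication (mTLS): already available on the Agent-to-Collector gRPC channel and for the Cassandra/Elasticsearch storage connections, and tracked for the collector and query HTTP servers in #2249. The following Go program is an added example written for this issue, not Jaeger's own code, and it uses only the standard library: it builds a throwaway in-memory CA, stands up an HTTPS server in `RequireAndVerifyClientCert` mode, and shows that a client whose certificate chains to the trusted CA is served (and identified by its certificate), while a client with no certificate and a client whose certificate chains to an unrelated CA are both refused. The names `demo-ca`, `foreign-ca`, `collector`, `agent-01` and `intruder` are constructed for the example; a real deployment would load certificates from files via the documented Jaeger flags rather than generate them in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// newTemplate returns a fresh P-256 key and a one-day certificate template for cn.
func newTemplate(cn string) (*ecdsa.PrivateKey, *x509.Certificate) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	return key, &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // unique enough for a throwaway demo CA
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
}

// newCA creates an in-memory self-signed CA (constructed for this example only).
func newCA(cn string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, tmpl := newTemplate(cn)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage |= x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// issueLeaf signs a client certificate (or, with server=true, a server certificate) with ca.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, server bool) tls.Certificate {
	key, tmpl := newTemplate(cn)
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	if server { // httptest listens on 127.0.0.1, so the server cert needs that IP SAN
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// probe does one HTTPS GET presenting certs (nil = no client certificate); returns body or error.
func probe(url string, roots *x509.CertPool, certs []tls.Certificate) (string, error) {
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots, Certificates: certs, MinVersion: tls.VersionTLS12}}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr, Timeout: 5 * time.Second}).Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// demoMTLS starts a server that requires a client certificate chaining to demo-ca and reports the
// body seen by a trusted client and whether the no-certificate and foreign-CA clients are refused.
func demoMTLS() (trustedBody string, noCertRejected, foreignCertRejected bool) {
	ca, caKey := newCA("demo-ca")
	foreignCA, foreignKey := newCA("foreign-ca")
	pool := x509.NewCertPool()
	pool.AddCert(ca) // the single trust anchor used for both server and client verification
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The verified peer identity is available to the handler for authorization and audit.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{issueLeaf(ca, caKey, "collector", true)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // mTLS: no valid client certificate, no service
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
	srv.StartTLS()
	defer srv.Close()
	trustedBody, err := probe(srv.URL, pool, []tls.Certificate{issueLeaf(ca, caKey, "agent-01", false)})
	must(err)
	_, errNoCert := probe(srv.URL, pool, nil)
	_, errForeign := probe(srv.URL, pool, []tls.Certificate{issueLeaf(foreignCA, foreignKey, "intruder", false)})
	return trustedBody, errNoCert != nil, errForeign != nil
}

func main() {
	body, noCert, foreign := demoMTLS()
	fmt.Printf("trusted client saw %q; no-cert rejected=%v; foreign-CA rejected=%v\n", body, noCert, foreign)
}
```

Two points worth taking from the example into a Jaeger deployment: `ClientAuth` must be `RequireAndVerifyClientCert` (the `RequestClientCert` and `VerifyClientCertIfGiven` modes still serve clients that present nothing), and `ClientCAs` should contain only the CA that issues component certificates, not a system root bundle, otherwise any publicly issued client certificate would be accepted. The rejected handshakes show up as `tls: client didn't provide a certificate` and `tls: bad certificate` on the server side, which is the log signal to alert on when an unexpected peer starts probing a collector.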