TLS integration #249

Open
@smklein

We have a number of services which will need TLS integration. This issue tracks that integration:

Nexus

Nexus exposes an external server for servicing client requests, as well as an internal server for handling requests from sled agents. Both should exclusively use encrypted traffic.

Agents

Sled Agent, Bootstrap Agent, Oximeter and others (e.g., the to-be-created SP agent, possibly?) employ cross-machine communication, and will need TLS integration to securely communicate.

CockroachDB

For development purposes, we use the --insecure flag when deploying CockroachDB instances. However, in the limit, we should ensure that we can safely deploy Cockroach instances using exclusively encrypted traffic.

Blocked on...

  • TLS integration into Dropshot
  • Having a proper story for key storage and retrieval
  • Externally-exposed services utilizing TLS
  • Internally-exposed services utilizing TLS
  • CockroachDB communicating utilizing TLS
