mirror of https://github.com/status-im/consul.git
Fix some doc typos.
This commit is contained in:
parent
561bf69511
commit
2a467003a0
|
@ -49,7 +49,7 @@ Connect relies on to ensure it's security properties.
|
|||
A service's identity, in the form of an x.509 certificate, will only be issued
|
||||
to an API client that has `service:write` permission for that service. In other
|
||||
words, any client that has permission to _register_ an instance of a service
|
||||
will be able to identify as that service and access all of resources that that
|
||||
will be able to identify as that service and access all of the resources that that
|
||||
service is allowed to access.
|
||||
|
||||
A secure ACL setup must meet these criteria:
|
||||
|
@ -77,13 +77,13 @@ sufficient for ACL tokens to only be unique per _service_ and shared between
|
|||
instances.
|
||||
|
||||
It is much better though if ACL tokens are unique per service _instance_ because
|
||||
it limit the blast radius of a compromise.
|
||||
it limits the blast radius of a compromise.
|
||||
|
||||
A future release of Connect will support revoking specific certificates that
|
||||
have been issued. For example if a single node in a datacenter has been
|
||||
compromised, it will be possible to find all certificates issued to the agent on
|
||||
that node and revoke them. This will block all access to the intruder without
|
||||
taking unaffected instances of the service(s) on that node offline too.
|
||||
taking instances of the service(s) on other nodes offline too.
|
||||
|
||||
While this will work with service-unique tokens, there is nothing stopping an
|
||||
attacker from obtaining certificates while spoofing the agent ID or other
|
||||
|
@ -103,15 +103,19 @@ Vault](https://www.vaultproject.io/docs/secrets/consul/index.html).
|
|||
## Configure Agent Transport Encryption
|
||||
|
||||
Consul's gossip (UDP) and RPC (TCP) communications need to be encrypted
|
||||
otherwise attackers may be able to see tokens and private keys while in flight
|
||||
between the server and client agents or between client agent and application.
|
||||
otherwise attackers may be able to see ACL tokens while in flight
|
||||
between the server and client agents (RPC) or between client agent and
|
||||
application (HTTP). Certificate private keys never leave the host they
|
||||
are used on but are delivered to the application or proxy over local
|
||||
HTTP so local agent traffic should be encrypted where potentially
|
||||
untrusted parties might be able to observe localhost agent API traffic.
|
||||
|
||||
Follow the [encryption documentation](/docs/agent/encryption.html) to ensure
|
||||
both gossip encryption and RPC TLS are configured securely.
|
||||
both gossip encryption and RPC/HTTP TLS are configured securely.
|
||||
|
||||
For now client and server TLS certificates are still managed by manual
|
||||
configuration. In the future we plan to automate more of that with the same
|
||||
mechanisms connect offers to user applications.
|
||||
mechanisms Connect offers to user applications.
|
||||
|
||||
## Bootstrap Certificate Authority
|
||||
|
||||
|
@ -202,4 +206,4 @@ integrate](/docs/connect/native.html) with connect.
|
|||
If using any kind of proxy for connect, the application must ensure no untrusted
|
||||
connections can be made to it's unprotected listening port. This is typically
|
||||
done by binding to `localhost` and only allowing loopback traffic, but may also
|
||||
be achieved using firewall rules or network namespacing.
|
||||
be achieved using firewall rules or network namespacing.
|
||||
|
|
Loading…
Reference in New Issue