Support #20888
closed
Document encrypted certificates feature of installer
Updated by Peter Amstutz 9 months ago
- Target version changed from Development 2023-08-30 to Development 2023-09-13 sprint
Updated by Peter Amstutz 8 months ago
- Target version changed from Development 2023-09-13 sprint to Development 2023-09-27 sprint
Updated by Peter Amstutz 8 months ago
- Target version changed from Development 2023-09-27 sprint to Development 2023-09-13 sprint
Updated by Lucas Di Pentima 8 months ago
Updates at a47889b33 - branch 20888-encrypted-cert-key-doc
Test run: developer-run-tests-doc-and-sdk-R: #1978
There was some basic documentation from #20889, so I took the time to expand it a bit explaining what it does and how to use openssl and awscli to use it.
Updated by Peter Amstutz 8 months ago
Suggest minor text edits below, rest LGTM
Securing your TLS certificate keys (AWS specific) (optional)¶
When using SSL_MODE=bring-your-own, you can keep your TLS certificate keys encrypted on the server nodes. This reduces the risk of certificate leaks from node disk volumes snapshots or backups.
This feature is currently implemented in AWS by providing the certificate keys’ password via Amazon’s Secrets Manager service, and installing appropriate services on the nodes that provide this password to nginx via a file that only lives in system RAM.
Updated by Lucas Di Pentima 8 months ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|01b836fc5b405d03f77155687c9f42664935008a.