Project

General

Profile

Actions

Support #20888

closed

Document encrypted certificates feature of installer

Added by Peter Amstutz 11 months ago. Updated 10 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Documentation
Due date:
Story points:
-

Subtasks 1 (0 open1 closed)

Task #20912: Review 20888-encrypted-cert-key-docResolvedPeter Amstutz09/08/2023Actions
Actions #1

Updated by Peter Amstutz 11 months ago

  • Target version changed from Development 2023-08-30 to Development 2023-09-13 sprint
Actions #2

Updated by Peter Amstutz 11 months ago

  • Target version changed from Development 2023-09-13 sprint to Development 2023-09-27 sprint
Actions #3

Updated by Peter Amstutz 11 months ago

  • Target version changed from Development 2023-09-27 sprint to Development 2023-09-13 sprint
Actions #4

Updated by Peter Amstutz 11 months ago

  • Category set to Documentation
Actions #5

Updated by Peter Amstutz 11 months ago

  • Assigned To set to Lucas Di Pentima
Actions #6

Updated by Lucas Di Pentima 10 months ago

  • Status changed from New to In Progress
Actions #7

Updated by Lucas Di Pentima 10 months ago

Updates at a47889b33 - branch 20888-encrypted-cert-key-doc
Test run: developer-run-tests-doc-and-sdk-R: #1978

There was some basic documentation from #20889, so I took the time to expand it a bit explaining what it does and how to use openssl and awscli to use it.

Actions #8

Updated by Peter Amstutz 10 months ago

Suggest minor text edits below, rest LGTM

Securing your TLS certificate keys (AWS specific) (optional)

When using SSL_MODE=bring-your-own, you can keep your TLS certificate keys encrypted on the server nodes. This reduces the risk of certificate leaks from node disk volumes snapshots or backups.

This feature is currently implemented in AWS by providing the certificate keys’ password via Amazon’s Secrets Manager service, and installing appropriate services on the nodes that provide this password to nginx via a file that only lives in system RAM.

Actions #9

Updated by Lucas Di Pentima 10 months ago

  • Status changed from In Progress to Resolved
Actions

Also available in: Atom PDF