Don't persist gossip encryption keys #835
Labels: theme/operator-usability, type/enhancement
A common security recommendation is to store credentials and secret keys on a ramdisk so that they go away if the host is rebooted and are never persisted.
Would it be possible to (optionally) store the keyring state only in memory? With this enabled, the agent would always use the provided key on start, trusting that it will be the current key, then get the rest of the keyring from other nodes.
An external system would be responsible for ensuring that each node has the correct key to use on start.
One workaround for not having this feature is putting the entire serf directory on a ramdisk. Would that cause any issues? Is there state in the serf directory that needs to be persisted across reboots?