Skip to content

Commit

Permalink
Merge pull request #326 from kingpong/doc-security-update
Browse files Browse the repository at this point in the history 
Updated readme with security paragraph
  • Loading branch information
@johnbellone
johnbellone authored Jun 10, 2016
2 parents cb7e5e2 + 1370c04 commit 450c0cc
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,22 @@ consul_service 'consul' do
config_file config.path
end
```

### Security
The default recipe makes the Consul configuration writable by the consul service user to avoid breaking existing implementations. You can make this more secure by setting the `node['consul']['config']` attribute to `root`, or set the `owner` property of `consul_config` explicitly:

```ruby
# attributes file
default['consul']['config']['owner'] = 'root'
```
or
```ruby
# recipe file
consul_config '/etc/consul/consul.json' do
owner 'root'
end
```

### Watches/Definitions
In order to provide an idempotent implementation of Consul
watches and definitions. We write these out as
Expand Down

0 comments on commit 450c0cc

Please sign in to comment.