Chapter 4. Configuring encryption
Configure encryption for your Data Grid.
4.1. Enabling TLS encryption
Encryption can be independently enabled for endpoint and cluster transport.
Prerequisites
- A secret containing a certificate or a keystore. Endpoint and cluster should use different secrets.
- A credentials keystore containing any password needed to access the keystore. See Adding credentials keystore.
Procedure
Set the secret name in the deploy configuration.
Provide the name of the secret containing the keystore:
deploy:
  ssl:
    endpointSecretName: "tls-secret"
    transportSecretName: "tls-transport-secret"
Enable cluster transport TLS.
- (1) Configures the transport stack to use the specified security-realm to provide cluster encryption.
- (2) Configures the keystore path in the transport realm. The secret is mounted at /etc/encrypt/transport.
- (3, 5) Configures the truststore with the same keystore, allowing the nodes to authenticate each other.
- (4) Alias and password must be provided if the secret contains a keystore.
Enable endpoint TLS.