Chapter 4. Configuring encryption


Configure encryption for your Data Grid.

4.1. Enabling TLS encryption

Encryption can be independently enabled for endpoint and cluster transport.

Prerequisites

  • A secret containing a certificate or a keystore. Endpoint and cluster should use different secrets.
  • A credentials keystore containing any password needed to access the keystore. See Adding credentials keystore.

Procedure

  1. Set the secret name in the deploy configuration.

    Provide the name of the secret containing the keystore:

    deploy:
      ssl:
        endpointSecretName: "tls-secret"
        transportSecretName: "tls-transport-secret"
  2. Enable cluster transport TLS.

    deploy:
      infinispan:
        cacheContainer:
          transport:
            urn:infinispan:server:15.0:securityRealm: > # (1)
              "cluster-transport"
        server:
          security:
            securityRealms:
              - name: cluster-transport
                serverIdentities:
                  ssl:
                    keystore: # (2)
                      alias: "server"
                      path: "/etc/encrypt/transport/cert.p12"
                      credentialReference: # (3)
                        store: credentials
                        alias: keystore
                    truststore: # (4)
                      path: "/etc/encrypt/transport/cert.p12"
                      credentialReference: # (5)
                        store: credentials
                        alias: truststore

    (1) Configures the transport stack to use the specified security-realm to provide cluster encryption.
    (2) Configure the keystore path in the transport realm. The secret is mounted at /etc/encrypt/transport.
    (3) (5) Configures the truststore with the same keystore allowing the nodes to authenticate each other.
    (4) Alias and password must be provided in case the secret contains a keystore.
  3. Enable endpoint TLS.

    deploy:
      infinispan:
        server:
          security:
            securityRealms:
              - name: default
                serverIdentities:
                  ssl:
                    keystore:
                      path: "/etc/encrypt/endpoint/keystore.p12" # (1)
                      alias: "server" # (2)
                      credentialReference:
                        store: credentials # (3)
                        alias: keystore # (4)

    (1) Configure the keystore path in the endpoint realm; the secret is mounted at /etc/encrypt/endpoint.
    (2) Alias must be provided in case the secret contains a keystore.
    (3) (4) Any password must be provided via the credentials keystore.
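
A keystore that does not open with the stored password, or that lacks the alias a realm references, will not work with the configuration above, so it is worth checking both before creating the secrets. The script below is an added example, not part of the Data Grid documentation: it builds separate PKCS#12 keystores for endpoint and transport and verifies the "server" alias in each. The helper function names, the CN values, the `KS_PASS` environment variable and the self-signed certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build and pre-check the PKCS#12 keystores the realms expect.
# Assumptions (not from the page): CN values, validity period, and KS_PASS as
# the environment variable that carries the keystore password.

# make_keystore OUT ALIAS CN: self-signed cert and key packed into OUT under ALIAS.
# The password is read through env: so it never appears in the process arguments.
make_keystore() {
    out=$1; ks_alias=$2; cn=$3
    work=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$cn" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -name "$ks_alias" -inkey "$work/key.pem" \
        -in "$work/cert.pem" -out "$out" -passout env:KS_PASS
    rc=$?
    rm -rf "$work"   # the unencrypted private key must not outlive this call
    return $rc
}

# keystore_has_alias FILE ALIAS: succeeds only if $KS_PASS opens FILE and a
# certificate bag carries exactly ALIAS as its friendlyName.
keystore_has_alias() {
    openssl pkcs12 -in "$1" -nokeys -passin env:KS_PASS 2>/dev/null |
        awk -v a="$2" '$1 == "friendlyName:" && $2 == a { ok = 1 } END { exit !ok }'
}

# Demo with constructed values: one keystore per secret, as the prerequisites ask.
demo() {
    dir=$(mktemp -d) || return 1
    KS_PASS='constructed-demo-password'; export KS_PASS
    make_keystore "$dir/keystore.p12" server datagrid-endpoint.example &&
    make_keystore "$dir/cert.p12" server datagrid-transport.example &&
    keystore_has_alias "$dir/keystore.p12" server &&
    keystore_has_alias "$dir/cert.p12" server
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "both keystores open with the password and contain alias 'server'"
```

The file names `keystore.p12` and `cert.p12` match the paths used in steps 2 and 3, on the assumption that each secret key appears as a file of the same name under its mount point.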
© 2025 Red Hat