Documentation updates #587

Merged
lx merged 8 commits from doc-updates into main 2023-06-14 10:57:32 +00:00
Showing only changes of commit 9092c71a01 - Show all commits

@ -49,14 +49,9 @@ implements a protocol that has been clearly reviewed, Secure ScuttleButt's
Secret Handshake protocol. This is why setting a `rpc_secret` is mandatory, Secret Handshake protocol. This is why setting a `rpc_secret` is mandatory,
and that's also why your nodes have super long identifiers. and that's also why your nodes have super long identifiers.
## Encrypting traffic between a Garage node and your client ## HTTP API endpoints provided by Garage are in clear text
HTTP API endpoints provided by Garage are in clear text. Adding TLS support built into Garage is not currently planned.
You have multiple options to have encryption between your client and a node:
- Setup a reverse proxy with TLS / ACME / Let's encrypt
- Setup a Garage gateway locally, and only contact the garage daemon on `localhost`
- Only contact your Garage daemon over a secure, encrypted overlay network such as Wireguard
## Garage stores data in plain text on the filesystem ## Garage stores data in plain text on the filesystem
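Review bot: The new `## HTTP API endpoints provided by Garage are in clear text` section is left with one sentence saying built-in TLS is not planned, and nothing pointing to the mitigations that used to sit directly under this spot. Suggest closing the section with a cross-reference to `## Encrypting traffic between a Garage node and your client`, so a reader who lands on the limitation is sent to the reverse proxy, local gateway and overlay network options instead of stopping at "not currently planned".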
@ -76,6 +71,14 @@ system such as Hashicorp Vault?
# Adding data encryption using external tools # Adding data encryption using external tools
## Encrypting traffic between a Garage node and your client
You have multiple options to have encryption between your client and a node:
- Setup a reverse proxy with TLS / ACME / Let's encrypt
- Setup a Garage gateway locally, and only contact the garage daemon on `localhost`
- Only contact your Garage daemon over a secure, encrypted overlay network such as Wireguard
## Encrypting data at rest ## Encrypting data at rest
Protects against the following threats: Protects against the following threats:
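Review bot: The relocated `## Encrypting traffic between a Garage node and your client` section goes straight into the option list, while the sibling `## Encrypting data at rest` right after it opens with "Protects against the following threats:". Suggest giving the traffic section the same kind of threat statement, and noting for the reverse proxy option that TLS ends at the proxy, so the hop from the proxy to Garage is still clear text unless both run on the same host or a trusted network. Wording nits in the moved list: "Setup" used as a verb should be "Set up", "Let's encrypt" should be "Let's Encrypt", "Wireguard" should be "WireGuard", and "garage daemon" in the second bullet should match "Garage daemon" in the third.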