luxolus/open-consul
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity

website: docs for keyring ACLs

Browse source
This commit is contained in:
Ryan Uber 2015-07-07 11:45:49 -06:00
parent 4ac7596b14
commit d7f76702fe
1 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
website/source/docs/internals/acl.html.markdown
View file

@ -18,8 +18,8 @@ on tokens to which fine grained rules can be applied. It is very similar to
When the ACL system was launched in Consul 0.4, it was only possible to specify When the ACL system was launched in Consul 0.4, it was only possible to specify
policies for the KV store. In Consul 0.5, ACL policies were extended to service policies for the KV store. In Consul 0.5, ACL policies were extended to service
registrations. In Consul 0.6, ACL's were further extended to restrict the registrations. In Consul 0.6, ACL's were further extended to restrict service
service discovery mechanisms and user events.. discovery mechanisms, user events, and encryption keyring operations.
## ACL Design ## ACL Design
@ -147,6 +147,27 @@ event "" {
As always, the more secure way to handle user events is to explicitly grant As always, the more secure way to handle user events is to explicitly grant
access to each API token based on the events they should be able to fire. access to each API token based on the events they should be able to fire.
### Blacklist mode and Keyring Operations
Consul 0.6 and later supports securing the encryption keyring operations using
ACL's. Encryption is an optional component of the gossip layer. More information
about Consul's keyring operations can be found on the [keyring
command](/docs/commands/keyring.html) documentation page.
If your [`acl_default_policy`](/docs/agent/options.html#acl_default_policy) is
set to `deny`, then the `anonymous` token will not have access to read or write
to the encryption keyring. The keyring policy is yet another first-class citizen
in the ACL syntax. You can configure the anonymous token to have free reign over
the keyring using a policy like the following:
```
keyring = "write"
```
Encryption keyring operations are sensitive and should be properly secured. It
is recommended that instead of configuring a wide-open policy like above, a
per-token policy is applied to maximize security.
### Bootstrapping ACLs ### Bootstrapping ACLs
Bootstrapping the ACL system is done by providing an initial [`acl_master_token` Bootstrapping the ACL system is done by providing an initial [`acl_master_token`
@ -229,6 +250,9 @@ event "" {
event "destroy-" { event "destroy-" {
policy = "deny" policy = "deny"
} }
# Read-only mode for the encryption keyring by default (list only)
keyring = "read"
``` ```
This is equivalent to the following JSON input: This is equivalent to the following JSON input:
@ -261,7 +285,8 @@ This is equivalent to the following JSON input:
"destroy-": { "destroy-": {
"policy": "deny" "policy": "deny"
} }
} },
"keyring": "read"
} }
``` ```