Merge pull request #4575 from avoidik/patch-2

Add more essential notes into production hardening guide
Jeff Mitchell 2018-05-17 09:05:34 -07:00 committed by GitHub
commit 4ab7275c95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -108,3 +108,14 @@ and practical.
corruption or loss by modifying or deleting keys. Access to the storage corruption or loss by modifying or deleting keys. Access to the storage
backend should be restricted to only Vault to avoid unauthorized access or backend should be restricted to only Vault to avoid unauthorized access or
operations. operations.
* **Disable Shell Command History**. You may want the `vault` command itself to
not appear in history at all. Refer to [additional methods](/guides/secret-mgmt/static-secrets.html#additional-discussion)
for guidance.
* **Tweak ulimits**. It is possible that your Linux distribution has strict process `ulimits`.
Consider to review `ulimits` for maximum amount of open files, connections, etc. before
going into production; they may need increasing.
* **Docker Containers**. To leverage the ["memory lock"](/docs/configuration/index.html#disable_mlock)
feature inside the Vault container you will likely need to use the `overlayfs2` or another supporting driver.
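Review bot: In the new "Docker Containers" bullet, `overlayfs2` is not the name of a Docker storage driver; the driver is called `overlay2`, so a reader who copies the value into the daemon configuration will get an error. Suggest changing it to `overlay2` and adding a short clause on why the storage driver matters for "memory lock", since the bullet only links to `disable_mlock` without saying what fails on an unsupported driver. Two smaller points in the same hunk: "Consider to review `ulimits`" should read "Consider reviewing `ulimits`", and the "Disable Shell Command History" bullet would be clearer if it said what it protects (secrets passed as arguments to the `vault` command ending up in the history file) rather than only deferring to the linked guide.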