Merge pull request #4575 from avoidik/patch-2

Add more essential notes into production hardening guide
This commit is contained in:
Jeff Mitchell 2018-05-17 09:05:34 -07:00 committed by GitHub
commit 4ab7275c95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -108,3 +108,14 @@ and practical.
corruption or loss by modifying or deleting keys. Access to the storage
backend should be restricted to only Vault to avoid unauthorized access or
operations.
* **Disable Shell Command History**. You may want the `vault` command itself to
not appear in history at all. Refer to [additional methods](/guides/secret-mgmt/static-secrets.html#additional-discussion)
for guidance.
* **Tweak ulimits**. It is possible that your Linux distribution has strict process `ulimits`.
Consider to review `ulimits` for maximum amount of open files, connections, etc. before
going into production; they may need increasing.
* **Docker Containers**. To leverage the ["memory lock"](/docs/configuration/index.html#disable_mlock)
feature inside the Vault container you will likely need to use the `overlayfs2` or another supporting driver.