Merge pull request #4575 from avoidik/patch-2
Add more essential notes into production hardening guide
This commit is contained in:
commit
4ab7275c95
|
@ -108,3 +108,14 @@ and practical.
|
|||
corruption or loss by modifying or deleting keys. Access to the storage
|
||||
backend should be restricted to only Vault to avoid unauthorized access or
|
||||
operations.
|
||||
|
||||
* **Disable Shell Command History**. You may want the `vault` command itself to
|
||||
not appear in history at all. Refer to [additional methods](/guides/secret-mgmt/static-secrets.html#additional-discussion)
|
||||
for guidance.
|
||||
|
||||
* **Tweak ulimits**. It is possible that your Linux distribution has strict process `ulimits`.
|
||||
Consider to review `ulimits` for maximum amount of open files, connections, etc. before
|
||||
going into production; they may need increasing.
|
||||
|
||||
* **Docker Containers**. To leverage the ["memory lock"](/docs/configuration/index.html#disable_mlock)
|
||||
feature inside the Vault container you will likely need to use the `overlayfs2` or another supporting driver.
|
||||
|
|
Loading…
Reference in a new issue