luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Update production.html.md

Browse source
This commit is contained in:
Viacheslav Vasilyev 2018-05-16 11:16:04 +03:00 committed by GitHub
parent 095baa8263
commit cc99d82e8f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
website/source/guides/operations/production.html.md
View file

@ -108,3 +108,14 @@ and practical.
corruption or loss by modifying or deleting keys. Access to the storage corruption or loss by modifying or deleting keys. Access to the storage
backend should be restricted to only Vault to avoid unauthorized access or backend should be restricted to only Vault to avoid unauthorized access or
operations. operations.
* **Disable shell-commands history**. You may want the vault command itself to
not appear in history at all. Refer to [additional methods](/guides/secret-mgmt/static-secrets.html#additional-discussion)
for protecting your static secrets.
* **Tweak ulimits**. It is possible that your Linux distribution have strict process `ulimits`.
Consider to review `ulimits` for maximum amount of open files, connections, etc. before
going into production.
* **Docker containers**. To leverage ["memory lock"](/docs/configuration/index.html#disable_mlock)
feature inside the vault container you should use `overlayfs2` or similar storage driver.