Hi Roger,
On 16-11-18 07:02, Roger Fischer wrote:
Hi Alex,
our device is unattended, not always on, and in some cases in only
semi-secured locations. Besides preventing root access, we also need to
protect against the hacking of a stolen device (or disk).
Human interaction is not practical
On 2018-11-16 07:02, Roger Fischer wrote:
Hi Alex,
our device is unattended, not always on, and in some cases in only
semi-secured locations. Besides preventing root access, we also need
to protect against the hacking of a stolen device (or disk).
Human interaction is not practical (other tha
Hi Alex,
our device is unattended, not always on, and in some cases in only semi-secured
locations. Besides preventing root access, we also need to protect against the
hacking of a stolen device (or disk).
Human interaction is not practical (other than in exceptional situations).
Roger
> On
Hi
Isn't this a bit futile? If they can get onto the box that has nginx, they
can get either the private key or the secret to get the private key.
Safer would be to make it so that you need human interaction to start nginx.
But still, a memory dump of the app would get you the private key.
On Fri, 16 Nov
Hello!
On Wed, Nov 14, 2018 at 12:17:57PM -0800, Roger Fischer wrote:
> Hello,
>
> does NGINX support any mechanisms to securely access the private
> key of server certificates?
>
> Specifically, could NGINX make a request to a key store, rather
> than reading from a local file?
>
> Are ther
Hi,
You might want to consider something like OpenResty, which allows for serving
certificates on the fly with Lua logic. You can use this to fetch cert/key
material via Vault or some other secure data store that can be accessed via TCP
(or you could also keep the encrypted private key on-disk
Hello,
does NGINX support any mechanisms to securely access the private key of server
certificates?
Specifically, could NGINX make a request to a key store, rather than reading
from a local file?
Are there any best practices for keeping private keys secure?
I understand the basics. The key fi