guerzon / vaultwarden

Helm chart for Vaultwarden, the (unofficial) Bitwarden-compatible server written in Rust, formerly known as bitwarden_rs
MIT License

Add https #68

Open clement94310 opened 5 months ago

clement94310 commented 5 months ago

Hello, are you thinking of adding HTTPS on the Rocket service to manage end-to-end encryption?

guerzon commented 5 months ago

Hi @clement94310,

The recommended way is to terminate SSL/TLS using a reverse proxy or, in a Kubernetes context, using the ingress. The Vaultwarden maintainers have the same recommendation for Vaultwarden (see https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS#via-rocket).

If you really require this, let me know and I will find time, but also feel free to submit a PR.

Cheers, Lester

clement94310 commented 5 months ago

Hello, yes, I used an ALB as a proxy, but it does not protect against sniffing data on the Kubernetes nodes, does it?

guerzon commented 5 months ago

If you have actual concerns about pod traffic being sniffed, IMO you have a much bigger problem.

Nevertheless, for secure pod communication, the pattern I often see is using the service mesh to manage SSL/TLS rather than letting each application handle its own SSL/TLS implementation.

If you really want to implement the TLS on Rocket, I recommend checking this guide and submitting a PR.