Secure the PLOSSYS 5 Services¶
For security reasons, we strongly recommend configuring the TLS encryption and regenating the client secret in the OIDC identity provider.
Configure the TLS Encryption¶
-
For securing the connections between the services on the server, the certificate has to contain
localhost
for self-signed certificates and the Consul-specific server name (for example,<hostname>.node.dc1.consul
) for any certificate, see the Requirement. -
After the Secure PLOSSYS Administrator step, the certificate files are already located in
C:\ProgramData\SEAL Systems\config\tls\
. You have to specify the directory only:TLS_DIR
Directory for storing the files necessary for secure transfer within the PLOSSYS 5 services.
Example - setting key via PLOSSYS CLI
plossys config set TLS_DIR "C:\ProgramData\SEAL Systems\config\tls" --insecure
Configure the TLS Encryption in a Cluster¶
If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.
Regenerate the Client Secret in the OIDC Identity Provider¶
-
In the OIDC identity provider, regenerate the secret for the
seal-plossys-cli
client, refer to the SEAL Interfaces for OIDC documentation. -
For the PLOSSYS CLI call, specify the regenerated client secret in the following Windows environment variable:
AUTH_CLIENT_SECRET
: Client secret generated in the OIDC identity provider for theseal-plossycli
client.
Next Step¶
Continue with: Secure Consul