[question] consul exec production security policy #532
We would like to leave consul exec enabled on most, if not all, of our nodes but:
KV ACL was our first attempt, but since nodes must be allowed to write an ack during exec, and since consul exec accepts kv --prefix, it doesn't seem to help much with point b)
Are some kind of exec ACLs on the roadmap?
As an interim step perhaps the security could be delegated? Sort of like the SSH 'ForceCommand' such that the requested command would be passed to some other command? In this way I could validate that the command is either on a known whitelist, or verify that the command is signed in some manner by an authorized user.
Otherwise it is a very ugly security story.
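A sketch of the validating wrapper suggested above, added here as an example; it is not part of the original thread and not Consul functionality. It assumes a hypothetical hook that passes the requested command string and an optional tag to `authorize`, and uses HMAC-SHA256 over a shared key as a stand-in for "signed by an authorized user"; the policy, names and key are constructed for illustration.

```python
import hashlib
import hmac
import shlex

# Constructed policy: bare program name -> arguments it may be given.
ALLOWLIST = {
    "uptime": set(),
    "df": {"-h"},
    "systemctl": {"status", "is-active", "nginx"},
}


def on_allowlist(argv):
    """True if argv[0] is a listed bare name and every argument is listed for it."""
    if not argv or argv[0] not in ALLOWLIST:
        return False
    return all(arg in ALLOWLIST[argv[0]] for arg in argv[1:])


def tag_for(command, key):
    """Hex HMAC-SHA256 tag an authorized operator would attach to a command."""
    return hmac.new(key, command.encode(), hashlib.sha256).hexdigest()


def authorize(command, tag, key):
    """Return the argv to execute (never through a shell), or None to refuse."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes and similar parse failures
        return None
    if on_allowlist(argv):
        return argv
    # Off-list commands need a valid tag; compare as bytes in constant time.
    if tag is not None and hmac.compare_digest(
        tag_for(command, key).encode(), tag.encode()
    ):
        return argv
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: provisioned out of band
    for cmd in ("df -h", "systemctl status; rm -rf /", "reboot"):
        print(repr(cmd), "->", authorize(cmd, None, key))
    print("'reboot' with tag ->", authorize("reboot", tag_for("reboot", key), key))
```

Because the result is an argv list meant for direct execution, shell metacharacters in the request are never interpreted; they simply fail the argument match.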
referenced this issue
Mar 18, 2015
@armon I would also like to see a feature, where we can decide which commands are whitelisted, e.g. block