Add option to enable TLS for communication with Trillian #2163

Closed
fghanmi opened this issue Jun 30, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

Contributor

fghanmi commented Jun 30, 2024

Description
Currently, the communication between Rekor and the Trillian server does not support Transport Layer Security. This exposes the system to potential security risks such as data interception and man-in-the-middle attacks. To enhance the security and integrity of service communications, it is imperative to introduce an option to enable TLS - Rekor would ensure the verification of Trillian's certificates.

@bobcallaway
Member

I think this is complete now?

fghanmi closed this as completed Jul 28, 2024
JasonPowr pushed a commit to securesign/rekor that referenced this issue Aug 21, 2024
#### Summary
This pull request introduces support for enabling TLS in communications
with the Trillian server. By adding a new command-line flag
`--trillian_log_server.tls_ca_cert` and implementing the necessary logic
to handle TLS certificates, this update enhances the security of Rekor.


#### Release Note

- Feature: Added support for TLS in communication with the Trillian
server.
- New Flag:
  - `--trillian_log_server.tls_ca_cert` to specify the CA certificate file
    path for secure connections.
 
Resolves Issue: sigstore#2163

---------

Signed-off-by: Firas Ghanmi <fghanmi@redhat.com>
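
What trusting a single CA file means for the client, as an added example (not code from Rekor or from the commit above): it builds a `tls.Config` from CA PEM bytes and applies the same chain and hostname checks `crypto/tls` runs during a handshake. The certificates, the host name `trillian.internal` and the helper names `issue`, `clientTLS` and `verify` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate for name: a self-signed CA when parent is nil,
// otherwise a server leaf signed by parent. Errors are ignored because this is fixture data.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{name},
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // self-signed CA: may sign certificates, signs itself with its own key
		t.KeyUsage, parent, parentKey = x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// clientTLS trusts only the CAs in caPEM (the content of a CA file) and fails closed on bad input.
func clientTLS(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no CA certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// verify runs the chain and hostname check a TLS client performs with cfg against a server leaf.
func verify(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	ca, caKey, caPEM := issue("constructed-ca", nil, nil)
	leaf, _, _ := issue("trillian.internal", ca, caKey)
	cfg, _ := clientTLS(caPEM, "trillian.internal")
	fmt.Println("verification error:", verify(cfg, leaf))
}
```

A leaf issued by any other CA, or presented under a different server name, makes `verify` return an error, which is the property that blocks an on-path impersonator.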