Skip to content

Secure the PLOSSYS 5 Services

For security reasons, we strongly recommend configuring the TLS encryption and regenating the client secret in the OIDC identity provider.

Configure the TLS Encryption

  1. For securing the connections between the services on the server, the certificate has to contain the server certificate, localhost and the Consul-specific server name (for example, <hostname>.node.dc1.consul), see the Requirement. The three domain names have to be combined in one cert.pem file.

  2. After the Secure PLOSSYS Administrator step, the certificate files are already located in /opt/seal/etc/tls. You have to specify the directory only:

    • TLS_DIR Directory for storing the files necessary for secure transfer within the PLOSSYS 5 services.

    Example - setting key via PLOSSYS CLI

    plossys config set TLS_DIR "/opt/seal/etc/tls" --insecure

  3. Restart PLOSSYS 5.

Configure the TLS Encryption in a Cluster

If you are running PLOSSYS 5 in a cluster, execute the configuration steps above on all PLOSSYS 5 servers.

Regenerate the Client Secret in the OIDC Identity Provider

  1. In the OIDC identity provider, regenerate the secret for the seal-plossys-cli client, refer to the SEAL Interfaces for OIDC documentation.

  2. For the PLOSSYS CLI call, specify the regenerated client secret in the following Linux environment variable:

    • AUTH_CLIENT_SECRET: Client secret generated in the OIDC identity provider for the seal-plossycli client.

Next Step

Continue with: Secure Consul

Back to top