Skip to content

"Not on the same physical medium" security requirement for Tang server and clients #101

Open
@jamshid

Description

@jamshid

The README says it's important the Tang keys are not on the same physical medium when using a container, but that's not really docker/container-specific right? If the Tang server and a client are running in virtual machines on the same host and the server is stolen, the data can be unencrypted.

Docker Container
Tang is also available as a Docker Container.
Care should be taken to ensure that, when deploying in a container cluster, that the Tang keys are not stored on the same physical medium that you wish to protect.

IMO it would be good to move the "Tang keys must not be stored on the same physical medium that you wish to protect" requirement to https://github.com/latchset/tang/#security-considerations.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions