Where do you keep your secrets?

Are you still keeping your secrets, credentials, and keys in the same server that is using them? Really? Let's think about that for a minute.

KumoMTA has a built-in keysource function that retrieves your secrets from a remote, secure store, protecting them from physical theft or local intrusion. For DKIM signers, TLS certificates and keys, and HTTP or SMTP Auth credentials, this is essential in any modern email deployment.

-- This fragment runs where `msg` (the message being signed) is in scope,
-- for example inside a message event handler.
local vault_signer = kumo.dkim.rsa_sha256_signer {
  key = {
    -- The private key is fetched from the vault, keyed by the From: domain
    vault_mount = 'secret',
    vault_path = 'dkim/' .. msg:from_header().domain,

    -- Specify how to reach the vault; if you omit these,
    -- values will be read from $VAULT_ADDR and $VAULT_TOKEN.
    -- Note that these environment variables must be accessible
    -- to the kumod user. If using systemd, edit the systemd
    -- service file. See docs/tutorial/using_vault/ for more information.

    -- vault_address = "https://10.3.5.1:8200"
    -- vault_token = "hvs.TOKENTOKENTOKEN"
  },
}
