Security
Security is a critical aspect of any application. In this section, we will discuss the security features of the BanyanDB.
Authentication
BanyanDB supports TLS for secure communication between servers. The following flags are used to configure TLS:
--tls
: gRPC Connection uses TLS if true, else plain TCP.--http-tls
: HTTP Connection uses TLS if true, else plain HTTP.--key-file string
: The TLS key file for gRPC.--cert-file string
: The TLS certificate file for gRPC.--http-grpc-cert-file string
: The gRPC TLS certificate file if the gRPC server enables TLS. It should be the same as thecert-file
. It is used for gRPC over HTTP.--http-key-file string
: The TLS key file of the HTTP server.--http-cert-file string
: The TLS certificate file of the HTTP server.
For example, to enable TLS for gRPC communication, you can use the following flags:
banyand liaison --tls=true --key-file=server.key --cert-file=server.crt --http-grpc-cert-file=server.crt --http-tls=true --http-key-file=server.key --http-cert-file=server.crt
If you only want to security gRPC connection, you can leave --http-tls=false
.
banyand liaison --tls=true --key-file=server.key --cert-file=server.crt --http-grpc-cert-file=server.crt
Also, you can enable TLS for HTTP connection only.
banyand liaison --http-tls=true --http-key-file=server.key --http-cert-file=server.crt
Note: BanyanDB does not support TLS between liaison and data nodes.
Authorization
BanyanDB does not have built-in authorization mechanisms. However, you can use external tools like Envoy or Istio to manage access control and authorization.
Data Encryption
BanyanDB does not provide data encryption at rest. If you require data encryption, you can use disk-level encryption or other encryption mechanisms provided by the underlying storage system.