airship-in-a-bottle/doc/source/security/template.rst
Roman Gorshunov b240a19c6c Add repository depreciation warning
Depends-on: I144480e9bb6f5cbe7dc71441b2ad77362fb95f59
Change-Id: I177d7fa3dc55b591a0392d3e2eea9cacbccb1b9f
2019-07-05 14:41:11 +00:00


Warning

This repository is being deprecated. Project documentation has moved to the Airship Docs project, and the Airship-in-a-Bottle environment will be merged into the Airship Treasuremap project.

Template for a Security Guide Topic

Updated: 1-AUG-2018

An overview of the scope of this topic.

Security Item List

Sensitive Data Security

Sensitive data should be encrypted at-rest.

  • Project Scope: Deckhand
  • Solution Remediated: The storagePolicy metadata determines if Deckhand will persist document data encrypted.
  • Audit: Testing: Pipeline test checks that documents with a storagePolicy: encrypted are not persisted to the database with an intact data section.
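A sketch of the audit check described above, as an added example rather than Deckhand's own pipeline test. The `persisted` mapping (document key to stored data value), the helper names and the sample documents are assumptions constructed for illustration.

```python
def leaf_strings(value):
    """Yield every scalar inside a nested data section as a string."""
    if isinstance(value, dict):
        for item in value.values():
            yield from leaf_strings(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from leaf_strings(item)
    elif value is not None:
        yield str(value)

def audit_persisted(submitted, persisted):
    """Return (key, reason) findings for encrypted documents stored in the clear.

    submitted: document dicts as sent to the API.
    persisted: {(schema, name): stored data value}; this row layout is an assumption.
    """
    findings = []
    for doc in submitted:
        if doc["metadata"].get("storagePolicy") != "encrypted":
            continue  # cleartext documents are out of scope for this check
        key = (doc["schema"], doc["metadata"]["name"])
        if key not in persisted:
            findings.append((key, "no persisted row to check"))
            continue
        stored = persisted[key]
        secrets = [s for s in leaf_strings(doc["data"]) if len(s) >= 4]
        if stored == doc["data"]:
            findings.append((key, "data section persisted intact"))
        elif any(s in t for s in secrets for t in leaf_strings(stored)):
            findings.append((key, "plaintext fragment in persisted data"))
    return findings

def make_doc(schema, name, policy, data):
    """Build a constructed sample document."""
    meta = {"schema": "metadata/Document/v1", "name": name, "storagePolicy": policy}
    return {"schema": schema, "metadata": meta, "data": data}

# Constructed sample input: three submitted documents and the rows found afterwards.
SUBMITTED = [
    make_doc("deckhand/Passphrase/v1", "db-password", "encrypted", "correct-horse-battery"),
    make_doc("deckhand/Passphrase/v1", "api-password", "encrypted", "staple-example-value"),
    make_doc("example/Config/v1", "site-name", "cleartext", {"site": "lab-1"}),
]
PERSISTED = {
    ("deckhand/Passphrase/v1", "db-password"): "opaque-reference-placeholder",
    ("deckhand/Passphrase/v1", "api-password"): "staple-example-value",
    ("example/Config/v1", "site-name"): {"site": "lab-1"},
}
```

A missing row is reported instead of skipped so that the audit cannot pass silently when the database query returns nothing.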

Sensitive data should be encrypted in-transit.

  • Project Scope: Shipyard, Deckhand
  • Solution Pending: Shipyard and Deckhand API endpoints should support TLS. See Data Security In-Transit.
  • Audit: Pending: Expect to validate post-deployment that all endpoints support TLS.

Configuration Guidance

For items that require configuration guidance affecting a security item, list an item here. Use RST anchors and links to link the security item's solution status to this guidance.

Temporary Mitigation Status

Data Security In-Transit

Work is in progress to support Deckhand enabling TLS termination, Shipyard enabling self-signing CAs, and Barbican supporting TLS termination.

References

Transport Layer Security (TLS)