16 lines
736 B
YAML
16 lines
736 B
YAML
---
|
|
security:
|
|
- |
|
|
As a followup to the fix that resolved CVE-2018-16856, Octavia will now
|
|
encrypt certificates and keys used for secure communication with amphorae,
|
|
in its internal workflows. Octavia used to exclude debug-level log prints
|
|
for specific tasks and flows that were explicitly specified by name, a
|
|
method that is susceptive to code changes.
|
|
other:
|
|
- |
|
|
Added a new option named server_certs_key_passphrase under the certificates
|
|
section. The default value gets copied from an environment variable named
|
|
TLS_PASS_AMPS_DEFAULT. In a case where TLS_PASS_AMPS_DEFAULT is not set,
|
|
and the operator did not fill any other value directly,
|
|
'insecure-key-do-not-use-this-key' will be used.
|