mirror of
https://github.com/jpetazzo/container.training.git
synced 2026-03-02 01:10:20 +00:00
Secrets management and encryption at rest

(New in Docker Engine 1.13)

- Secrets management = selectively and securely bring secrets to services

- Encryption at rest = protect against storage theft or prying

- Remember:

  - control plane is authenticated through mutual TLS, certs rotated every 90 days

  - control plane is encrypted with AES-GCM, keys rotated every 12 hours

  - data plane is not encrypted by default (for performance reasons),
    but we saw earlier how to enable that with a single flag
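Because the data plane is opt-in, it is worth checking which overlay networks were actually created with the flag (`--opt encrypted` on `docker network create`). The audit below is an added example, not part of the original slides; it reads the JSON printed by `docker network inspect`, and the sample input and its network names are constructed.

```python
"""Audit overlay networks for data-plane encryption (added example).

Input is the JSON array printed by `docker network inspect`; the sample
below is constructed, and the network names in it are made up.
"""
import json
import sys

# Constructed sample, trimmed to the fields the audit reads.
SAMPLE = """
[
  {"Name": "ingress", "Driver": "overlay", "Scope": "swarm", "Ingress": true,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"}},
  {"Name": "frontend", "Driver": "overlay", "Scope": "swarm",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097"}},
  {"Name": "backend", "Driver": "overlay", "Scope": "swarm",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098",
               "encrypted": ""}},
  {"Name": "bridge", "Driver": "bridge", "Scope": "local", "Options": {}}
]
"""


def unencrypted_overlays(inspect_json):
    """Return names of overlay networks created without `--opt encrypted`."""
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue  # the flag only applies to overlay networks
        options = net.get("Options") or {}  # Options can be null
        # `--opt encrypted` is stored as a bare key with an empty value,
        # so test for the key, not for a truthy value.
        if "encrypted" not in options:
            findings.append(net.get("Name", "<unnamed>"))
    return sorted(findings)


if __name__ == "__main__":
    # Audit piped `docker network inspect` output, else the constructed sample.
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    for name in unencrypted_overlays(piped.strip() or SAMPLE):
        print(f"overlay network {name!r}: data plane not encrypted")
```

On a manager node, feed it real data with `docker network inspect $(docker network ls -q)` piped into the script.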