Re: community feedback on removing non-encrypted support from consul-release

Aaron Huber

It's more of a theoretical concern about double-encrypting, I'd expect with
modern CPUs it should be more or less undetectable. Again, I wouldn't hold
off implementing the change because of this, we'd just have to adjust our

The most obvious example of passwords on the wire in clear text was the
staging upload username/password being sent to the DEAs via NATS. I'm
actually not sure how those credentials flow through to Diego without
digging into the code.

There were a few others we identified the last time we looked. I recall the
VARZ credentials were in NATS also. I didn't make an extensive list at the
time - as soon as we found one we had to implement network level encryption.


View this message in context:
Sent from the CF BOSH mailing list archive at

Join { to automatically receive all group messages.