Re: Encryption method of CF CLI when running commands

James Bayer

the "cf api api.SYSTEMDOMAIN" command requires https with a valid cert
unless you use the flag that bypasses that.

$ cf api
Setting api endpoint to
Invalid SSL Cert for
TIP: Use 'cf api --skip-ssl-validation' to continue with an insecure API

once targeted, you can see the other endpoint protocols by looking at the
/v2/info endpoint. the default settings are to use HTTPS everywhere.
whether you use a valid cert or not depends on how you configure the
server-side and whether you instruct the cli to ignore the cert checking.

e.g. this is for which uses secure transports for the UAA
(where your user/pw is sent unless you're using a SAML endpoint with "cf
login --sso") and getting the logs out of the system.

cf curl /v2/info

"name": "vcap",
"build": "2222",
"support": "",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "",
"token_endpoint": "",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.33.0",
"app_ssh_endpoint": "",
"app_ssh_host_key_fingerprint": null,
"logging_endpoint": "wss://",
"doppler_logging_endpoint": "wss://"

On Fri, Jul 17, 2015 at 9:55 AM, César Iván . <cesar_k13(a)> wrote:

Hi everyone,

I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit
worried about security, so the question is, what type of encryption uses
the CF CLI when running commands?

i.e: when I run the *login *command I need to type my user and pass, how
does it transport data from the server to the client and vice versa?


cf-dev mailing list

Thank you,

James Bayer

Join { to automatically receive all group messages.