Re: Encryption method of CF CLI when running commands


James Bayer
 

the "cf api api.SYSTEMDOMAIN" command requires https with a valid cert
unless you use the flag that bypasses that.

$ cf api api.example.com
Setting api endpoint to api.example.com...
FAILED
Invalid SSL Cert for api.example.com
TIP: Use 'cf api --skip-ssl-validation' to continue with an insecure API
endpoint

once targeted, you can see the other endpoint protocols by looking at the
/v2/info endpoint. the default settings are to use HTTPS everywhere.
whether you use a valid cert or not depends on how you configure the
server-side and whether you instruct the cli to ignore the cert checking.

e.g. this is for run.pivotal.io which uses secure transports for the UAA
(where your user/pw is sent unless you're using a SAML endpoint with "cf
login --sso") and getting the logs out of the system.

cf curl /v2/info

{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://login.run.pivotal.io",
"token_endpoint": "https://uaa.run.pivotal.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.33.0",
"app_ssh_endpoint": "ssh.run.pivotal.io:2222",
"app_ssh_host_key_fingerprint": null,
"logging_endpoint": "wss://loggregator.run.pivotal.io:4443",
"doppler_logging_endpoint": "wss://doppler.run.pivotal.io:443"
}

On Fri, Jul 17, 2015 at 9:55 AM, César Iván . <cesar_k13(a)hotmail.com> wrote:

Hi everyone,

I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit
worried about security, so the question is, what type of encryption uses
the CF CLI when running commands?

i.e: when I run the *login *command I need to type my user and pass, how
does it transport data from the server to the client and vice versa?

Thanks!

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev

--
Thank you,

James Bayer

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.