Hi everyone,

I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit worried about security, so the question is, what type of encryption uses the CF CLI when running commands?

i.e: when I run the login command I need to type my user and pass, how does it transport data from the server to the client and vice versa?

Thanks!

the "cf api api.SYSTEMDOMAIN" command requires https with a valid cert
unless you use the flag that bypasses that.

$ cf api api.example.com
Setting api endpoint to api.example.com...
FAILED
Invalid SSL Cert for api.example.com
TIP: Use 'cf api --skip-ssl-validation' to continue with an insecure API
endpoint

once targeted, you can see the other endpoint protocols by looking at the
/v2/info endpoint. the default settings are to use HTTPS everywhere.
whether you use a valid cert or not depends on how you configure the
server-side and whether you instruct the cli to ignore the cert checking.

e.g. this is for run.pivotal.io which uses secure transports for the UAA
(where your user/pw is sent unless you're using a SAML endpoint with "cf
login --sso") and getting the logs out of the system.

cf curl /v2/info

{
"name": "vcap",
"build": "2222",
"support": "http://support.cloudfoundry.com",
"version": 2,
"description": "Cloud Foundry sponsored by Pivotal",
"authorization_endpoint": "https://login.run.pivotal.io",
"token_endpoint": "https://uaa.run.pivotal.io",
"min_cli_version": null,
"min_recommended_cli_version": null,
"api_version": "2.33.0",
"app_ssh_endpoint": "ssh.run.pivotal.io:2222",
"app_ssh_host_key_fingerprint": null,
"logging_endpoint": "wss://loggregator.run.pivotal.io:4443",
"doppler_logging_endpoint": "wss://doppler.run.pivotal.io:443"
}

--
Thank you,

James Bayer