Encryption method of CF CLI when running commands
César Iván . <cesar_k13 at hotmail.com...>
I'm going to try to develop a plugin that uses the CF CLI, but I'm a bit worried about security, so the question is, what type of encryption uses the CF CLI when running commands?
i.e: when I run the login command I need to type my user and pass, how does it transport data from the server to the client and vice versa?
the "cf api api.SYSTEMDOMAIN" command requires https with a valid certtoggle quoted messageShow quoted text
unless you use the flag that bypasses that.
$ cf api api.example.com
Setting api endpoint to api.example.com...
Invalid SSL Cert for api.example.com
TIP: Use 'cf api --skip-ssl-validation' to continue with an insecure API
once targeted, you can see the other endpoint protocols by looking at the
/v2/info endpoint. the default settings are to use HTTPS everywhere.
whether you use a valid cert or not depends on how you configure the
server-side and whether you instruct the cli to ignore the cert checking.
e.g. this is for run.pivotal.io which uses secure transports for the UAA
(where your user/pw is sent unless you're using a SAML endpoint with "cf
login --sso") and getting the logs out of the system.
cf curl /v2/info
"description": "Cloud Foundry sponsored by Pivotal",
On Fri, Jul 17, 2015 at 9:55 AM, César Iván . <cesar_k13(a)hotmail.com> wrote: