In a Kubernetes deployment encryption is disabled by default.
ImportantPGP Encryption is supported only in Kubernetes deployments.
Enable PGP encryption in Kubernetes deployments
- Generate a pair of PGP keys to be used for encryption/decryption (private and public keys).
- Store each generated key in the file on the host, so that these files are accessible by the deployment script.
- Configure the following environment variables in the cxc.env file.
# CXC Contact encryption configuration. CXC_PGP_ENABLED: false # Host path(absolute) to the PGP Public Key CXC_PGP_PUBLIC_KEY_PATH: "" # Host path(absolute) to the PGP Private Key CXC_PGP_PRIVATE_KEY_PATH: "" # Passphrase for PGP Private Key CXC_PGP_PASSPHRASE: "" CXC_PGP_USER_ID: "firstname.lastname@example.org"
- Verify that the CXC_PGP_ENABLED variable is set to true.
- Verify that the CXC_PGP_PUBLIC_KEY_PATH variable is set to the absolute path to the file that stores the public key.
- Verify that the CXC_PGP_PRIVATE_KEY_PATH variable is set to the absolute path to the file that stores the private key.
- Verify that the CXC_PGP_PASSPHRASE variable (optional) is configured when the passphrase is present in CX Contact PGP keys.
- Verify that the CXC_PGP_USER_ID variable is associated with the correct Private key user ID.
- Save and close the file. The saved file is then used as input for the cxc-app-deploy.sh script.
ImportantThe host is used to create a Kubernetes secret (cxc-pgp-storage). During deployment, CXC_PGP_PUBLIC_KEY_PATH and CXC_PGP_PRIVATE_KEY_PATH data is stored in the Kubernetes secure storage. When the system is started, CX Contact components collect key data from the Kubernetes secure storage. For more information about Kubernetes secrets, see Kubernetes Documentation.
This page was last edited on April 23, 2021, at 18:50.