adobe / cryptr

Cryptr: a GUI for Hashicorp's Vault

Offer some way to access non-localhost HTTP vaults

mcginty opened this issue

The problem

Requiring HTTPS for non-localhost vault addresses is "too much safety" in certain valid secure network configurations.

Details

Create a vault server somewhere, and set up both machines to be connected via a secure VPN like WireGuard.

Example vault.hcl:


listener "tcp" {
  address = "10.13.37.100:8200"
  tls_disable = 1
}

HTTP traffic over the WireGuard network is encrypted and strongly authenticated, perfectly safely, yet cryptr won't allow this type of connection.

I too have actually been annoyed by this. PR submitted.
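
One way to express the check this issue asks for, as an added example (not cryptr's code and not the submitted PR): HTTPS is always accepted, plain HTTP is accepted for loopback, and otherwise only for IP literals inside a range the user has explicitly marked as trusted. The names `checkVaultAddress` and `TRUSTED_HTTP_CIDRS` are hypothetical, and the `10.13.37.0/24` range is an assumed subnet built around the listener address in the vault.hcl above.

```javascript
// Hypothetical opt-in list; constructed from the 10.13.37.100 listener in the issue.
const TRUSTED_HTTP_CIDRS = ['10.13.37.0/24'];

// True only for canonical dotted-decimal IPv4 (the WHATWG URL parser emits this form).
function isIPv4(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, bitsText] = cidr.split('/');
  const bits = Number(bitsText);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Returns { ok, reason } so a UI can explain why an address was refused.
function checkVaultAddress(address, trustedHttpCidrs = []) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return { ok: false, reason: 'not a valid URL' };
  }
  if (url.protocol === 'https:') return { ok: true, reason: 'https' };
  if (url.protocol !== 'http:') return { ok: false, reason: 'unsupported scheme' };

  const host = url.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
  if (host === 'localhost' || host === '::1' || (isIPv4(host) && inCidr(host, '127.0.0.0/8'))) {
    return { ok: true, reason: 'loopback' };
  }
  // Only IP literals can match: a DNS name is never trusted for plain HTTP here,
  // because name resolution happens outside the tunnel's authentication.
  if (isIPv4(host) && trustedHttpCidrs.some((cidr) => inCidr(host, cidr))) {
    return { ok: true, reason: 'trusted network' };
  }
  return { ok: false, reason: 'plain HTTP to untrusted host' };
}
```

With an empty allowlist the function keeps the HTTPS-or-localhost behaviour described in the issue, so plain HTTP to a VPN address is a deliberate per-network choice by the user.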