Offer some way to access non-localhost HTTP vaults
mcginty opened this issue · comments
The problem
Requiring HTTPS for non-localhost vault addresses is "too much safety" in certain valid secure network configurations.
Details
Create a vault server somewhere, and setup both machines to be connected via a secure VPN like WireGuard.
Example vault.hcl
:
listener "tcp" {
address = "10.13.37.100:8200"
tls_disable = 1
}
HTTP traffic over the WireGuard network is encrypted and strongly authenticated, perfectly safely, yet cryptr won't allow this type of connection.
I too have actually been annoyed by this. PR submitted.