ce727eb30d
All checks were successful
CI / verify (push) Successful in 2m33s
Add canonical operations/security/access/feature docs and fix path integrity to improve onboarding and incident readiness.
1.8 KiB
1.8 KiB
Feature: Secure Peer Transport
Purpose and Business Outcome
Protect replicated data in transit with authenticated and encrypted peer communication.
Scope and Non-Goals
Scope:
- Secure handshake and key establishment.
- Message confidentiality and integrity controls.
Non-goals:
- Data-at-rest encryption.
- Full identity and certificate lifecycle management.
User and System Workflows
- Operator enables secure transport components.
- Peers perform handshake and establish session keys.
- Replication traffic is encrypted/authenticated.
- Health and logs expose secure mode status.
Interfaces, APIs, and Events Involved
IPeerHandshakeService/ secure handshake implementation- Network pipeline message encryption and HMAC validation
- Startup configuration for secure mode
Permissions and Data Handling
- Secret material (
AuthToken, key inputs) must be restricted to authorized operators. - Logs must avoid plaintext secret disclosure.
Dependencies and Failure Modes
Dependencies:
- Consistent security mode across peers
- Valid runtime cryptographic dependencies
Failure modes:
- Secure/plaintext mode mismatch
- Handshake failure due to key/token mismatch
Monitoring, Alerts, and Troubleshooting Pointers
- Alert on repeated handshake failures.
- Use Runbook for incident triage and Troubleshooting for remediation.
Rollout and Change Considerations
- Enable secure mode in staging first.
- Roll production nodes in controlled order to avoid mixed-mode partitions.
Validation and Testability Guidance
- Add tests for secure-to-secure success and mixed-mode rejection.
- Validate encrypted cluster startup and sync with production-like load.