[arvados] updated: 2.6.0-588-gd90fffe9d9

git repository hosting git at public.arvados.org
Fri Sep 8 20:59:52 UTC 2023 

Summary of changes:
 doc/_includes/_ssl_config_multi.liquid | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

       via  d90fffe9d937d3e05c04106904b18dc4da235bc6 (commit)
      from  a47889b33a2b09d0246611d759547f55b8dda7e6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit d90fffe9d937d3e05c04106904b18dc4da235bc6
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Fri Sep 8 17:59:03 2023 -0300

    20888: Applies suggested improvements.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/doc/_includes/_ssl_config_multi.liquid b/doc/_includes/_ssl_config_multi.liquid
index bdc40a402b..19513bd16a 100644
--- a/doc/_includes/_ssl_config_multi.liquid
+++ b/doc/_includes/_ssl_config_multi.liquid
@@ -39,13 +39,13 @@ To supply your own certificates, change the configuration like this:
 
 All certificate files will be used by nginx. You may need to include intermediate certificates in your certificate files. See "the nginx documentation":http://nginx.org/en/docs/http/configuring_https_servers.html#chains for more details.
 
-h4(#secure-tls-keys). Securing your TLS certificate keys (optional)
+h4(#secure-tls-keys). Securing your TLS certificate keys (AWS specific) (optional)
 
-When using @SSL_MODE=bring-your-own@, you can keep your TLS certificate keys encrypted on the server nodes, and this might even be required depending on your organization's security best practices.
+When using @SSL_MODE=bring-your-own@, you can keep your TLS certificate keys encrypted on the server nodes. This reduces the risk of certificate leaks from node disk volumes snapshots or backups.
 
-This feature is currently implemented in AWS by providing the certificate keys' password via Amazon's "Secrets Manager":https://aws.amazon.com/es/secrets-manager/ service, and installing appropriate services on the nodes that provide this password to @nginx@ via a file that only lives in system's RAM disk. This avoids potential password leaks to node disk volumes snapshots or backups.
+This feature is currently implemented in AWS by providing the certificate keys’ password via Amazon’s "Secrets Manager":https://aws.amazon.com/es/secrets-manager/ service, and installing appropriate services on the nodes that provide this password to nginx via a file that only lives in system RAM.
 
-If your use the installer's Terraform code, the secret and related permission cloud resources are created automatically, and you can customize the secret's name by editing @terraform/services/terraform.tfvars@ and setting its suffix in @ssl_password_secret_name_suffix at .
+If you use the installer's Terraform code, the secret and related permission cloud resources are created automatically, and you can customize the secret's name by editing @terraform/services/terraform.tfvars@ and setting its suffix in @ssl_password_secret_name_suffix at .
 
 In @local.params@ you need to set @SSL_KEY_ENCRYPTED@ to @yes@ and change the default values for @SSL_KEY_AWS_SECRET_NAME@ and @SSL_KEY_AWS_REGION@ if necessary.
 

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list