Security
TLS Encryption
We encourage you to secure the communication between your connector and the client. For the underlying technology, this means that you need to provide a certificate which is then used to encrypt the transferred data. Additionally, a trusted certificate allows the client to verify the server's identity.
Self-signed Certificates
Anyone can make their own certificates without help from a certificate authority (CA). The only difference is that certificates you make yourself won’t be trusted by anyone else. For local development, that’s fine.
The simplest way to generate a private key and self-signed certificate for your connector is with these commands:
$ cd connector-starter
$ poetry add --group dev cryptography
$ poetry run certificate generate
The certificate generation requires the cryptography package to be present. The command reads the server's uuid and host from your project's .env file to configure the generated certificate.
For more information about the available options, see:
poetry run certificate generate --help
Enable Encryption
To enable TLS encryption for your connector, you need to provide a certificate and its corresponding private key in the config. Just add the following parameters to your CLI command:
connector start --app unitelabs.celigo_cytometer:create_app -v \
--tls --cert ./cert.pem --key ./key.pem
When using a self-signed certificate, it might be necessary to add the certificate to the client's trust store in order for it to trust your connector. Otherwise connections might be rejected. Also make sure to keep your private key safe.
If you used certificate generate with the default output paths, you can omit the --cert and --key arguments.
For more information about the connector start CLI options, see:
poetry run connector start --help
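The two caveats above (trusting a self-signed certificate on the client and keeping the private key safe) can be checked before starting the connector. The following is an added example, not part of the connector's own tooling: the function names are hypothetical, it uses only Python's standard ssl module as a stand-in for whatever client you connect with, and it assumes the ./cert.pem and ./key.pem paths from the start command.

```python
"""Pre-flight checks for the cert.pem / key.pem pair passed to `connector start --tls`."""
import os
import ssl
import stat


def key_permission_problems(key_path: str) -> list[str]:
    """Return reasons the private key file is accessible more widely than its owner."""
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    problems = []
    if mode & stat.S_IRWXG:
        problems.append(f"group has access (mode {mode:04o})")
    if mode & stat.S_IRWXO:
        problems.append(f"others have access (mode {mode:04o})")
    return problems


def cert_matches_key(cert_path: str, key_path: str) -> bool:
    """True if the private key belongs to the certificate, as a TLS server requires."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # Raises ssl.SSLError on a mismatched or unparsable pair, OSError on a missing file.
        ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    except OSError:  # ssl.SSLError is a subclass of OSError
        return False
    return True


def pinned_client_context(cert_path: str) -> ssl.SSLContext:
    """Client-side context that trusts only the self-signed certificate, not the system CAs."""
    # PROTOCOL_TLS_CLIENT enables certificate verification and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=cert_path)
    return ctx


if __name__ == "__main__":
    cert, key = "./cert.pem", "./key.pem"  # assumed paths, taken from the start command
    for problem in key_permission_problems(key):
        print(f"{key}: {problem}; restrict it with: chmod 600 {key}")
    print("certificate and key match:", cert_matches_key(cert, key))
```

Because hostname checking stays enabled in the pinned context, the client must connect using the host name the certificate was generated for.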