mirror of
https://github.com/hashicorp/vagrant.git
synced 2026-02-03 20:39:27 -05:00
36 lines
1.4 KiB
Text
36 lines
1.4 KiB
Text
---
|
|
layout: docs
|
|
page_title: Security - Vagrant Share
|
|
description: |-
|
|
Sharing your Vagrant environment understandably raises a number of security
|
|
concerns.
|
|
---
|
|
|
|
# Security
|
|
|
|
Sharing your Vagrant environment understandably raises a number of security
|
|
concerns.
|
|
|
|
The primary security mechanism for Vagrant
|
|
Share is security through obscurity along with an encryption key for SSH.
|
|
Additionally, there are several configuration options made available to
|
|
help control access and manage security:
|
|
|
|
- `--disable-http` will not create a publicly accessible HTTP URL. When
|
|
this is set, the only way to access the share is with `vagrant connect`.
|
|
|
|
In addition to these options, there are other features we've built to help:
|
|
|
|
- Vagrant share uses end-to-end TLS for non-HTTP connections. So even unencrypted
|
|
TCP streams are encrypted through the various proxies and only unencrypted during
|
|
the final local communication between the local proxy and the Vagrant environment.
|
|
|
|
- SSH keys are encrypted by default, using a password that is not transmitted
|
|
to our servers or across the network at all.
|
|
|
|
- SSH is not shared by default, it must explicitly be shared with the
|
|
`--ssh` flag.
|
|
|
|
Most importantly, you must understand that by running `vagrant share`,
|
|
you are making your Vagrant environment accessible by anyone who knows
|
|
the share name. When share is not running, it is not accessible.
|