Security

Gluesync provides multiple layers of security to ensure your data remains protected throughout its journey from source to target systems.

Security Architecture Overview

Gluesync implements a multi-layered security approach:

  1. Transport Layer Security (TLS): Secures all external communications

  2. AES256 Encryption: Provides end-to-end data encryption

  3. Node-to-Node Communication Security: Ensures secure inter-service messaging

  4. Access Control: Manages user authentication and authorization

Transport Layer Security (TLS)

SSL/TLS Configuration

Gluesync uses Java KeyStore (JKS) files to manage TLS certificates. The following files are required for TLS configuration:

  • gluesync.com.jks: The keystore file containing TLS certificate information

  • security-config.json: Configuration file for keystore access

SSL & Node-to-Node Encryption Configuration File

The security-config.json file should contain:

{
  "keystore": {
    "path": "/opt/gluesync/data/gluesync.com.jks",
    "password": "your-keystore-password"
  }
}

Mounting TLS Files

In your deployment configuration, mount these files:

volumes:
  - ./security-config.json:/opt/gluesync/data/security-config.json
  - ./gluesync.com.jks:/opt/gluesync/data/gluesync.com.jks

Military-Grade Encryption (Enterprise Feature)

AES256 End-to-End Encryption

This feature requires a paid Gluesync Enterprise with Advanced Security license.

Gluesync 2.0.6 introduces military-grade security with AES256 encryption:

  • End-to-End Data Protection: Data is encrypted from source through Core Hub to target systems

  • Intra-Service Communication: All node-to-node messages are encrypted

  • Zero-Knowledge Architecture: Ensures data privacy at all points

  • Customizable Encryption: Configure your own initialization vector and encryption key

Configuration

Bootstrap File

The bootstrap-core-hub.json file serves as the foundation for encryption:

{
  "apiTokenSecret": "your-secure-secret"
}

Use a strong, unique secret value in production environments.

Encryption Keys

You can customize the encryption keys through environment variables:

environment:
  - ENCRYPTION_KEY=your-custom-key
  - INITIALIZATION_VECTOR=your-custom-iv

Security Best Practices

General Recommendations

  1. Certificate Management:

    • Regularly rotate TLS certificates

    • Use strong passwords for keystores

    • Keep certificate private keys secure

  2. Encryption Configuration:

    • Change default encryption keys

    • Rotate encryption keys periodically

    • Store encryption keys securely

  3. Network Security:

    • Use firewalls to restrict access

    • Implement network segmentation

    • Monitor network traffic
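
A pre-deployment check for the recommendations above, as an added example (not Gluesync code): it flags the placeholder values from this page's samples and secret-bearing files that are readable beyond their owner. The function names, the 16-character minimum, and keeping all three files in one host directory are assumptions.

```python
import json
from pathlib import Path

# Placeholder values copied from the configuration samples on this page.
PLACEHOLDERS = {"your-keystore-password", "your-secure-secret",
                "your-custom-key", "your-custom-iv"}
MIN_SECRET_LEN = 16  # assumed local policy, not a Gluesync requirement


def weak(value):
    """Return a reason string if the secret is unusable, else None."""
    if not value:
        return "missing or empty"
    if value in PLACEHOLDERS:
        return "documentation placeholder"
    if len(value) < MIN_SECRET_LEN:
        return f"shorter than {MIN_SECRET_LEN} characters"
    return None


def exposed(path):
    """True when group or other has any permission bit on the file."""
    return bool(path.stat().st_mode & 0o077)


def audit(deploy_dir, env):
    """Check the files mounted from deploy_dir plus the container env."""
    d, findings = Path(deploy_dir), []
    cfg_file, boot_file = d / "security-config.json", d / "bootstrap-core-hub.json"
    keystore = json.loads(cfg_file.read_text()).get("keystore", {})
    boot = json.loads(boot_file.read_text())
    secrets = {
        "keystore.password": keystore.get("password"),
        "apiTokenSecret": boot.get("apiTokenSecret"),
        "ENCRYPTION_KEY": env.get("ENCRYPTION_KEY"),
        "INITIALIZATION_VECTOR": env.get("INITIALIZATION_VECTOR"),
    }
    for name, value in secrets.items():
        reason = weak(value)
        if reason:
            findings.append(f"{name}: {reason}")
    # Assumption: the keystore is mounted from the host under the same file name.
    jks = d / Path(keystore.get("path", "")).name
    if not jks.is_file():
        findings.append(f"keystore not found: {jks.name}")
    for f in (cfg_file, boot_file, jks):
        if f.is_file() and exposed(f):
            findings.append(f"{f.name}: readable beyond owner")
    return findings
```

Call `audit(".", os.environ)` from the deployment directory and fail the rollout when the returned list is not empty.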

Production Deployment Security

For production environments:

  1. Enable all security features:

    • TLS encryption

    • AES256 data encryption

    • Node-to-node communication encryption

  2. Implement access controls:

    • Use strong authentication

    • Apply the principle of least privilege

    • Conduct regular security audits

  3. Monitor security:

    • Enable security logging

    • Monitor access patterns

    • Set up alerts for security events