Security

Gluesync provides multiple layers of security to ensure your data remains protected throughout its journey from source to target systems.

Security Architecture Overview

Gluesync implements a multi-layered security approach:

  1. Transport Layer Security (TLS): Secures all external communications

  2. AES256 Encryption: Provides end-to-end data encryption

  3. Node-to-Node Communication Security: Ensures secure inter-service messaging

  4. Access Control: Manages user authentication and authorization

Transport Layer Security (TLS)

SSL/TLS Configuration

Gluesync uses Java KeyStore (JKS) files to manage TLS certificates. The following files are required for TLS configuration:

  • gluesync.com.jks: The keystore file containing TLS certificate information

  • security-config.json: Configuration file for keystore access

SSL & Node-to-Node Encryption Configuration File

The security-config.json file should contain:

{
  "keystore": {
    "path": "/opt/gluesync/data/gluesync.com.jks",
    "password": "your-keystore-password"
  }
}

Mounting TLS Files

In your deployment configuration, mount these files:

volumes:
  - ./security-config.json:/opt/gluesync/data/security-config.json
  - ./gluesync.com.jks:/opt/gluesync/data/gluesync.com.jks

Military-Grade Encryption (Enterprise Feature)

AES256 End-to-End Encryption

This feature requires a paid Gluesync Enterprise with Advanced Security license.

Gluesync 2.0.6 introduces military-grade security with AES256 encryption:

  • End-to-End Data Protection: Data is encrypted from source through Core Hub to target systems

  • Intra-Service Communication: All node-to-node messages are encrypted

  • Zero-Knowledge Architecture: Ensures data privacy at all points

  • Customizable Encryption: Configure your own initialization vector and encryption key

Configuration

Bootstrap File

The bootstrap-core-hub.json file serves as the foundation for encryption:

{
  "apiTokenSecret": "your-secure-secret"
}

Use a strong, unique secret value in production environments.

Encryption Keys

You can customize the encryption keys through environment variables:

environment:
  - ENCRYPTION_KEY=your-custom-key
  - INITIALIZATION_VECTOR=your-custom-iv

Security Best Practices

General Recommendations

  1. Certificate Management:

    • Regularly rotate TLS certificates

    • Use strong passwords for keystores

    • Keep certificate private keys secure

  2. Encryption Configuration:

    • Change default encryption keys

    • Rotate encryption keys periodically

    • Store encryption keys securely

  3. Network Security:

    • Use firewalls to restrict access

    • Implement network segmentation

    • Monitor network traffic
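
A pre-deployment lint for the recommendations above, as an added example (not Gluesync's own tooling): it flags the placeholder values shown in this page's samples and secret-bearing files that are accessible beyond their owner. The function names and the owner-only permission policy are assumptions of this example; the file names, JSON keys and environment variable names are the ones on this page.

```python
import json
import os
import stat
import tempfile

# Placeholder values from this page's samples; deploying them means no secret was set.
PLACEHOLDERS = {"your-keystore-password", "your-secure-secret",
                "your-custom-key", "your-custom-iv"}


def check_secret(name, value):
    """Return findings for one secret value."""
    if not value:
        return [f"{name}: not set"]
    if value in PLACEHOLDERS:
        return [f"{name}: documentation placeholder still in use"]
    return []


def audit(security_config, bootstrap, env):
    """Lint both JSON files (host-side paths) and the environment mapping."""
    findings = []
    for path in (security_config, bootstrap):
        # Assumed policy: both files hold plaintext secrets, so owner-only access.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append(f"{os.path.basename(path)}: accessible to group or others")
    with open(security_config) as fh:
        keystore = json.load(fh).get("keystore", {})
    with open(bootstrap) as fh:
        token = json.load(fh).get("apiTokenSecret")
    findings += check_secret("keystore.password", keystore.get("password"))
    findings += check_secret("apiTokenSecret", token)
    for var in ("ENCRYPTION_KEY", "INITIALIZATION_VECTOR"):
        findings += check_secret(var, env.get(var))
    return findings


if __name__ == "__main__":
    # Constructed inputs: this page's placeholder values in world-readable files.
    samples = {"security-config.json": {"keystore": {"password": "your-keystore-password"}},
               "bootstrap-core-hub.json": {"apiTokenSecret": "your-secure-secret"}}
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, name) for name in samples]
        for path, data in zip(paths, samples.values()):
            with open(path, "w") as fh:
                json.dump(data, fh)
            os.chmod(path, 0o644)
        print("\n".join(audit(*paths, {"ENCRYPTION_KEY": "your-custom-key"})))
```

Run it against the host-side copies of the files before they are mounted, passing `os.environ` or the parsed `environment:` entries as `env`.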

Production Deployment Security

For production environments:

  1. Enable all security features:

    • TLS encryption

    • AES256 data encryption

    • Node-to-node communication encryption

  2. Implement access controls:

    • Use strong authentication

    • Apply principle of least privilege

    • Conduct regular security audits

  3. Monitor security:

    • Enable security logging

    • Monitor access patterns

    • Set up alerts for security events