User confusion around FIPS mode

Open corkrean opened this issue 2 years ago • 1 comments

What would you like Teleport to do?

Force FIPS mode whenever the FIPS binary is being used or add the --fips flag to the systemd unit file provided by the Teleport packages (RPM, APT).

What problem does this solve?

Presently, users must add the --fips flag when starting Teleport. This is not well documented and users do not realize they need to utilize the flag.

This is a problem for customers who are deploying on VMs without the Teleport-maintained Terraform.

corkrean, Aug 08 '22 21:08

It's unclear why this flag is needed in addition to separate binaries.

Could we drop the --fips flag requirement when running the fips binaries?

programmerq, Aug 09 '22 17:08

This means that for deployments with a mixture of FIPS-compliant environments and non-FIPS-compliant environments (e.g. running on AWS in both US and non-US regions), there need to be different binaries. This creates extra maintenance hassle; is there perhaps a better way?

MarcClusterman, Feb 13 '24 21:02