Hi,
When I install a new gossip key on a Consul server and use it, will the key then be sent to all clients through RPC or the gossip protocol?
Thanks
Hi @fmp88,
The new gossip encryption key is broadcast using the gossip protocol itself. Also, note that only Consul server agents listen on the RPC port (not clients).
The basic flow of changing the encryption key on a given Serf cluster is:
- Broadcast new key to cluster via gossip
Hi @Ranjandas,
Thanks for the clarification and the link to it.
In case a node gets compromised and the new key is rolled out using the old gossip encryption key, how is it then possible to ensure that the new key is not seen by unwanted parties?
Edit: just saw that the documentation specifies that the assumption is that no node is compromised.