Am I correct in the understanding that Secrets Automation sends information in the clear?
SpiceyRicey
I was setting up and messing around with my Connect Server, and I noticed this in the documentation
By default, 1Password Connect Server is configured for use within a trusted network. It's possible to enable TLS for the connection between your application and Connect.
So, is it correct to say, unless you configure TLS or LetsEncrypt, it is sending data in the clear by default?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
Comments
I wanted to specify, I'm curious specifically about the communication of the rest API from the connect server to the application. Am I correct in understanding that without TLS configured, its sending the data in the clear from the connect server to the application?
Team Member
Hi @SpiceyRicey:
Great question. Yes, that's correct. Communication between your 1Password Connect server and the 1Password service itself is protected by our regular protections, but communication between API clients and the Connect server itself would only be encrypted by TLS if configured and if TLS is not in use, data would be transmitted in the clear.
Jack
@Jack.P_1P
Awesome, I appreciate it. I'm trying to have a zero trust environment and wanted to make sure I had all my bases covered 😊