Am I correct in the understanding that Secrets Automation sends information in the clear?

I was setting up and messing around with my Connect Server, and I noticed this in the documentation

By default, 1Password Connect Server is configured for use within a trusted network. It's possible to enable TLS for the connection between your application and Connect.

So, is it correct to say, unless you configure TLS or LetsEncrypt, it is sending data in the clear by default?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • SpiceyRicey
    SpiceyRicey
    Community Member

    I wanted to specify, I'm curious specifically about the communication of the rest API from the connect server to the application. Am I correct in understanding that without TLS configured, its sending the data in the clear from the connect server to the application?

  • Hi @SpiceyRicey:

    Great question. Yes, that's correct. Communication between your 1Password Connect server and the 1Password service itself is protected by our regular protections, but communication between API clients and the Connect server itself would only be encrypted by TLS if configured and if TLS is not in use, data would be transmitted in the clear.

    Jack

  • SpiceyRicey
    SpiceyRicey
    Community Member

    @Jack.P_1P

    Awesome, I appreciate it. I'm trying to have a zero trust environment and wanted to make sure I had all my bases covered 😊

  • Hi @SpiceyRicey - glad that we could help out and clarify this for you. Please let us know if you have any other questions. Thanks!

This discussion has been closed.