Security
How to secure your connectors.
TLS Encryption
We encourage you to secure the communication between your connector and the client. For the underlying technology, this means that you need to provide a certificate which is then used to encrypt the transferred data. Additionally, a trusted certificate allows the client to verify the server's identity.
Self-signed Certificates
Anyone can make their own certificates without help from a certificate authority (CA). The only difference is that certificates you make yourself won’t be trusted by anyone else. For local development, that’s fine.
The simplest way to generate a private key and self-signed certificate for your connector is with these commands:
$ cd connector-starter
$ poetry add --group dev cryptography
$ poetry run certificate generate
The certificate generation requires the cryptography package to be present. The command reads the server's uuid and host from your project's .env file to configure the generated certificate. See poetry run certificate generate --help for more information about the available options.
Enable Encryption
To enable TLS encryption for your connector, you need to provide a certificate and its corresponding private key in the config. Just add the following values to your Connector constructor:
import pathlib

from unitelabs.cdk import Connector

# Read the PEM-encoded certificate and private key and pass them to the server config.
app = Connector(
    {
        "sila_server": {
            "tls": True,
            "cert": pathlib.Path("./cert.pem").read_bytes(),
            "key": pathlib.Path("./key.pem").read_bytes(),
        }
    }
)
When using a self-signed certificate, it might be necessary to add the certificate to the client's trust store in order for it to trust your connector. Otherwise, connections might be rejected. Also make sure to keep your private key safe.
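One way to check cert.pem and key.pem before they reach the Connector config, as an added example that is not part of the UniteLabs CDK: it refuses a private key that other local users can access and confirms the key belongs to the certificate. The function names key_file_problems and load_tls_settings are hypothetical, and the code assumes a POSIX system and an unencrypted PEM key.

```python
import os
import pathlib
import ssl
import stat


def key_file_problems(key_path):
    """Return reasons the private key file is unsafe to load (empty list if none)."""
    info = pathlib.Path(key_path).stat()
    problems = []
    if not stat.S_ISREG(info.st_mode):
        problems.append("not a regular file")
    # Any group/other permission bit lets local users besides the owner reach the key.
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {stat.S_IMODE(info.st_mode):04o} grants group/other access; use 0600")
    if info.st_uid != os.getuid():
        problems.append("owned by a different user than the connector process")
    return problems


def load_tls_settings(cert_path="./cert.pem", key_path="./key.pem", check_pair=True):
    """Build the "sila_server" TLS settings, refusing unsafe or mismatched files."""
    problems = key_file_problems(key_path)
    if problems:
        raise PermissionError(f"{key_path}: " + "; ".join(problems))
    cert = pathlib.Path(cert_path).read_bytes()
    key = pathlib.Path(key_path).read_bytes()
    if b"-----BEGIN CERTIFICATE-----" not in cert:
        raise ValueError(f"{cert_path} does not contain a PEM certificate")
    if b"PRIVATE KEY-----" in cert:
        raise ValueError(f"{cert_path} also contains a private key; keep them separate")
    if b"PRIVATE KEY-----" not in key:
        raise ValueError(f"{key_path} does not contain a PEM private key")
    if check_pair:
        # Raises ssl.SSLError if the key does not belong to the certificate.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(str(cert_path), str(key_path))
    return {"tls": True, "cert": cert, "key": key}


# Usage, mirroring the constructor call above:
#   app = Connector({"sila_server": load_tls_settings()})
```

Only cert.pem is meant to be handed to clients for their trust store; key.pem stays on the connector host.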