
From reading the Docker Remote API documentation:

Docker Daemon over SSL Ruby Docker-API

It appears that the correct way to connect to remote Docker machines is by letting the application know the location of the certificates to connect to a machine and connect using SSL/TLS with the certificates.

Is there a way to not have a user hand over the certificate, key, and CA? This would give whoever has those certificates root access to a docker machine.

roguequery
  • You want privileged access to a remote docker machine. How do you intend to do this without giving privileged access to the remote docker machine? – Sobrique Feb 09 '16 at 09:38
  • It seems weird that I need to upload the private key and public key... With ssh you almost never expose your id_rsa private key – roguequery Feb 09 '16 at 13:16
  • Which part of the documentation are you referring to? For https, the key is used by the daemon to sign the outbound, which is verified against the (public-key) cert. Which is in turn checked against the CA cert. The private key stays on the server that generated it though. – Sobrique Feb 09 '16 at 13:41
  • I'm looking at the SSL section and the Docker.options that appears to include the certificate, private key, and CA – roguequery Feb 09 '16 at 13:43
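
The certificate / key / CA relationship discussed in the comments above, as an added example that is not part of the original question or comments: a CA signs a client certificate for a key the user generated, and a verifier holding only the CA certificate accepts it. The names `issue_cert`, `accepted_by?`, `demo` and the subject names are hypothetical, and all keys and certificates are constructed in memory.

```ruby
require 'openssl'

# Issue an X.509 certificate for `key`; with no issuer it is a self-signed CA.
def issue_cert(cn, key, serial, issuer_cert: nil, issuer_key: nil)
  ca = issuer_cert.nil?
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = ca ? cert.subject : issuer_cert.subject
  cert.public_key = key.public_key # only the public half goes into the certificate
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = ca ? cert : issuer_cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', ca ? 'keyCertSign' : 'digitalSignature', true))
  cert.add_extension(ef.create_extension('extendedKeyUsage', 'clientAuth')) unless ca
  cert.sign(ca ? key : issuer_key, OpenSSL::Digest.new('SHA256'))
end

# The check a TLS endpoint that verifies client certificates performs:
# does the presented certificate chain to the trusted CA certificate?
def accepted_by?(ca_cert, client_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert) # the CA *certificate* is public; no CA key needed here
  store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
  store.verify(client_cert)
end

def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)   # stays with whoever operates the CA
  ca_cert = issue_cert('constructed-demo-ca', ca_key, 1)
  user_key = OpenSSL::PKey::RSA.new(2048) # generated and kept by the user
  user_cert = issue_cert('constructed-user', user_key, 2, issuer_cert: ca_cert, issuer_key: ca_key)
  other_key = OpenSSL::PKey::RSA.new(2048) # an unrelated CA the verifier does not trust
  other_ca = issue_cert('constructed-other-ca', other_key, 1)
  stray_key = OpenSSL::PKey::RSA.new(2048)
  stray_cert = issue_cert('constructed-stray', stray_key, 2, issuer_cert: other_ca, issuer_key: other_key)
  {
    signed_by_trusted_ca: accepted_by?(ca_cert, user_cert),
    signed_by_other_ca: accepted_by?(ca_cert, stray_cert),
    user_key_matches_cert: user_cert.check_private_key(user_key),
    wrong_key_matches_cert: user_cert.check_private_key(stray_key)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Chain verification covers only the certificate; in a real TLS handshake the client must also prove possession of the matching private key, which is what `check_private_key` stands in for here.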

0 Answers