Comment on page
Security/Authentication
This section describes authentication and authorization features in Memphis. Both methods enable the operator to control access to Memphis.
When deploying Memphis, there is an option to choose the authentication method. The method should be chosen based on the app and the organization's security requirements.
- Username + password (Default). Each new user (both application and management) gets created with a dedicated username and password.
Kubernetes deployment command:
helm install memphis --set user_pass_based_auth="true" memphis/memphis --create-namespace --namespace memphis
Docker deployment command: To change the auth method value,
please modify the
docker-compose.yml
filecurl -s https://memphisdev.github.io/memphis-docker/docker-compose.yml -o docker-compose.yml && docker compose -f docker-compose.yml -p memphis up
- Username + connection token Each new application-type user gets created with a dedicated username but the same connection token as the other app-type users.
Kubernetes deployment command:
helm install memphis --set user_pass_based_auth="false" memphis/memphis --create-namespace --namespace memphis
Docker deployment command: To change the auth method value,
please modify the
docker-compose.yml
filecurl -s https://memphisdev.github.io/memphis-docker/docker-compose.yml -o docker-compose.yml && docker compose -f docker-compose.yml -p memphis up
Memphis has two types of credentials:
- Application. Every connection has an associated user and a password or a connection token that is authenticated. App credentials, including username, password/connection token, and (optionally) client certificate, are specified during connection initiation time. There is a default pair of credentials called the root user and its detailes will appear on the post-installation notes.
- Management. A dedicated user can be created for management purposes only, and to allow control over the UI and CLI, not data.
Production environments should not use the default user and create new user accounts with generated credentials instead.
- 1.Install the CLI
- 2.Address the CLI to the clustermem connect -s <memphis broker> -u <root/username> -p <password>
- 3.Create new usermem user add -u yaniv -t applicationOutput -User yaniv was created.Broker connection credentials: memphisThese credentials CAN'T be restored, save them in a safe place
Last modified 7mo ago