Developers using ConfD are continually finding ways to increase its use and application in improving programmability. Some of these developers have created ConfD client applications which communicate with the ConfD daemon using various ConfD APIs. By leveraging the ConfD language binding library, the ConfD client application translates API calls into Inter-Process Communication (IPC) messages sent to the ConfD daemon.
However, sometimes ConfD client applications need to run remotely, and the ConfD daemon needs to be configured to listen for IPC connections from external interfaces. For use cases in which only IPC authentication is needed, but not payload security via encryption, ConfD provides a basic IPC authentication mechanism. Yet in many cases both authentication and encryption are desired for securing the IPC communications between a ConfD client application and the ConfD daemon.
This application note discusses mechanisms to make the ConfD client application IPC connection secure and how to set up stunnel to authenticate and encrypt data between the ConfD daemon and ConfD client applications.
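
A minimal sketch of such a stunnel setup with mutual TLS, added here as an illustration and not taken from the application note or from ConfD's own documentation. It assumes the ConfD daemon keeps its IPC listener on the loopback address at the default IPC port 4565, so that only stunnel is reachable from the network; the host name, port 4566 and all file paths are constructed placeholders.

```ini
; ---------------------------------------------------------------
; File 1: stunnel.conf on the host running the ConfD daemon
; (placeholder paths; assumed layout, not from the original note)
; ---------------------------------------------------------------
[confd-ipc-server]
; TLS listener exposed to remote ConfD client applications
accept = 0.0.0.0:4566
; Forward decrypted traffic to the daemon's loopback IPC socket
connect = 127.0.0.1:4565
; Server identity presented to clients
cert = /etc/stunnel/confd-server.crt
key = /etc/stunnel/confd-server.key
; CA that signs the client certificates
CAfile = /etc/stunnel/ipc-ca.crt
; Reject any peer that does not present a certificate chaining to CAfile
verifyChain = yes
requireCert = yes

; ---------------------------------------------------------------
; File 2: stunnel.conf on the host running the ConfD client application
; ---------------------------------------------------------------
[confd-ipc-client]
client = yes
; The client application connects here as if it were a local daemon
accept = 127.0.0.1:4565
; Remote stunnel listener in front of the ConfD daemon
connect = confd.example.net:4566
; Client identity used for authentication to the server
cert = /etc/stunnel/confd-client.crt
key = /etc/stunnel/confd-client.key
; CA that signs the server certificate
CAfile = /etc/stunnel/ipc-ca.crt
; Validate the server chain and bind it to the expected host name
verifyChain = yes
checkHost = confd.example.net
```

With this layout the IPC payload crosses the network only inside the TLS session, and the private key files should be readable only by the account stunnel runs as.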