Before turning on Riak TS security there are key steps all applications need to take. Missing one of these steps may break your application, so make sure you have done each of the following BEFORE enabling security:
- Because Riak TS security requires a secure SSL connection, you will need to generate appropriate SSL certs, enable SSL and establish a certification configuration on each node. If you enable security without having established a functioning SSL connection, all requests to Riak TS will fail.
- Define users and, optionally, groups
- Define an authentication source for each user
- Grant the necessary permissions to each user (and/or group)
- Make sure that your client software will work properly:
- It must pass authentication information with each request
- It must support encrypted Protocol Buffers traffic
- If you have applications that rely on an already existing Riak TS cluster, make sure that those applications are prepared to gracefully transition into using Riak security once security is enabled.
After all of the above steps have been performed and your security setup has been properly checked, visit the Riak TS Security: Enabling page for instructions on enabling security.