📄️ Security Features
Boomi Cloud API Management - Local Edition provides many security features. Some of these features are listed below:
📄️ Shell-less Containers
API Management - Local Edition uses Google distroless images, that is, gcr.io/distroless/base-debian12:nonroot, as the base images and employs a multi-stage build to create the different images. Non-root images prevent containers from being started as the root user. The toolkit image is necessary for troubleshooting Local Edition. Although called distroless, the distroless base image is based on Debian but is stripped down to the bare essentials required to run a process. These essentials differ between components.
📄️ Minified Java Runtime
The following Local Edition components require a Java runtime:
📄️ Other Direct Dependencies
Local Edition has the following dependencies besides the minified Java runtime:
📄️ Ephemeral Containers
Since all containers are shell-less, troubleshooting issues becomes difficult. For example, how does one take a thread or heap dump of a process?
📄️ Disable Privilege Escalation
All pods of Local Edition have privilege escalation set to false. This prevents a process in a container from acquiring higher privileges than its parent process.
📄️ AnyUser or AnyGroup
All containers in a pod are set to run as non-root, along with anyUser and anyGroup. The default value of anyUser and anyGroup is 10001.
🗃️ Securing Information
📄️ Ports Used By Local Edition
Local Edition has two types of ports:
📄️ Threat Model
📄️ Securing Images Against Vulnerabilities
Image Pull Secrets
📄️ OpenShift Deployment (introduced in v6.1.0)
This section applies to Boomi Cloud API Management - Local Edition version 6.1.0 and above.
📄️ Updating Secrets (introduced in v6.1.0)
Although Kubernetes installs new secret values in the pods, the Boomi Cloud API Management - Local Edition component does not pick up the changed values on its own. To enable Boomi Cloud API Management - Local Edition to capture and mount new secret values in the pods, follow the steps in the Enabling and Mounting new secret values in the Pods section below.
🗃️ Securing Using OAuth (applies to v6.0.0+)