I've been able to get dropwizard running on Fargate with HTTP (running under Java 11). For my situation I need end-to-end encryption (I cannot have TLS terminate at the ALB). How are folks doing this currently?
I'm assuming I should use the conscrypt dependency maybe with a self-signed cert run from the image? I'm also thinking I should not put a fully baked keystore into my docker image so I'm wondering if someone has an approach for getting it at runtime? Perhaps I could encrypt it using KMS and put it into S3 and then on the docker image startup I could grab it from S3, copy it to a known location that is also specified in my config.yml? Or do others grab just the certs at load time and create a new java keystore on each startup? Finally, does anyone else besides my find the Java keystore exhausting? I'd love to be able to just grab a (.pem) file and use it in config.yml without having to do all these keytool/keystore steps. Anyway, if someone has a blog or some concrete steps they could reply with, I would be very appreciative! -- You received this message because you are subscribed to the Google Groups "dropwizard-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
