From 59c744ff9df6cba3b21325ee177653d020cc9ffe Mon Sep 17 00:00:00 2001 From: Markus Merklinger Date: Fri, 11 Oct 2024 15:56:10 +0200 Subject: [PATCH] Clearify differences between images and include security recommendation --- nethsm/container/production-image.rst | 5 ++++- nethsm/container/test-image.rst | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/nethsm/container/production-image.rst b/nethsm/container/production-image.rst index a0f9f2b1c9..3061651335 100644 --- a/nethsm/container/production-image.rst +++ b/nethsm/container/production-image.rst @@ -1,8 +1,11 @@ Production Image ---------------- -The NetHSM production container is a product for paying customers only and can be purchased `here `__. +The production image is provided for production envrionments with high security demands. +It requires an external etcd key-value store and offers to run the NetHSM process with hardware-based separation. +The connection between the NetHSM process and the key-value store is encrypted. +The NetHSM production container is a product for paying customers only and can be purchased `here `__. The image can be obtained from `Nitrokey NetHSM registry `_ using the credentials provided after purchase. .. warning:: diff --git a/nethsm/container/test-image.rst b/nethsm/container/test-image.rst index cad6dd0a2d..f7e265faf7 100644 --- a/nethsm/container/test-image.rst +++ b/nethsm/container/test-image.rst 
@@ -1,11 +1,16 @@ Test Image ---------- +The test image is provided for testing and development purposes. +It includes an integrated etcd key-value store, but does not offer to run the NetHSM process with hardware-based separation. +The connection between the NetHSM process and the key-value store is unencrypted. + The image can be obtained from `Docker Hub `_. .. warning:: Do not use the test image under any circumstances for production data and use cases. + For production environments with high security demands you must use the production image. Tagging Policy ^^^^^^^^^^^^^^
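Review bot: In the nethsm/container/production-image.rst hunk, the first added line misspells "environments" as "envrionments", and the next two added lines are too vague for an operator to act on. "offers to run the NetHSM process with hardware-based separation" does not say whether separation is on by default or has to be configured, and "The connection between the NetHSM process and the key-value store is encrypted" does not say what provides the encryption or how to confirm it is active. Suggest fixing the typo and either naming the mechanism in each sentence or linking to the section that documents it. Since the image "requires an external etcd key-value store", a pointer to where the etcd requirements are described would also help here.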
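Review bot: In the nethsm/container/test-image.rst hunk, the line added to the warning block, "For production environments with high security demands you must use the production image.", weakens the sentence before it. "Do not use the test image under any circumstances for production data and use cases" is unconditional, while the qualifier "with high security demands" can be read as allowing the test image in production environments with lower demands. Suggest dropping the qualifier, for example "Use the production image for production environments." The new intro already gives the reasons (unencrypted connection to the key-value store, no hardware-based separation), so consider repeating them inside the warning so that a reader who only sees the warning box learns why the restriction exists.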