Securing System Payloads
Tyk, as first installed, does not require cluster messages or middleware bundles to be signed. Without signatures a gateway has no way to distinguish a genuine Dashboard message or bundle from one pushed by anyone who can reach the same channel, so before moving to production, or enabling the Dashboard configuration feature, it is strongly recommended that you enable payload signatures.
Payload signatures are enabled in your tyk.conf by setting the option that permits unsigned payloads to false, and then generating a public / private keypair with:
# private key
openssl genrsa -out privkey.pem 2048
# public key
openssl rsa -in privkey.pem -pubout -out pubkey.pem
Then add the path to the public key to the public_key_path field of your tyk.conf. The same public key is also used to validate middleware bundle signatures, so every gateway that loads bundles needs it.
Keep the private key safe: it belongs only on the Dashboard instance, and gateways never need it, so do not ship it in gateway images or configuration. Transfer it to your Dashboard instance and, in tyk_analytics.conf, set the private_key_path field to the full path of the key. The Dashboard will then sign all of its payloads with that private key.
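The end-to-end effect of the setup above, as an added shell example that is not Tyk's own code: it runs the same two openssl steps to create the keypair, signs a constructed sample payload with the Dashboard-side private key, verifies it with only the gateway-side public key, and shows that a tampered payload is rejected. The signing uses openssl's RSA/SHA-256 (PKCS#1 v1.5) purely to illustrate what the two config fields buy you; it is not a claim about Tyk's exact wire format for signed messages or bundles. The scratch directory, file names and the sample JSON are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not Tyk's own code. Generates the keypair from the page, then
# demonstrates sign (Dashboard side) and verify (gateway side) with openssl.
# RSA/SHA-256 PKCS#1 v1.5 here is an illustration, not Tyk's exact format.
set -eu

# Assumption: a scratch directory for the demo; in production use real paths.
WORKDIR="${WORKDIR:-$(mktemp -d)}"
PRIVKEY="$WORKDIR/privkey.pem"   # goes to tyk_analytics.conf private_key_path
PUBKEY="$WORKDIR/pubkey.pem"     # goes to tyk.conf public_key_path

# The page's two openssl steps, plus restricting the private key to its owner.
gen_keys() {
  openssl genrsa -out "$PRIVKEY" 2048 2>/dev/null
  chmod 600 "$PRIVKEY"
  openssl rsa -in "$PRIVKEY" -pubout -out "$PUBKEY" 2>/dev/null
}

# Dashboard side: sign payload file $1, writing the raw signature to $2.
sign_payload() {
  openssl dgst -sha256 -sign "$PRIVKEY" -out "$2" "$1"
}

# Gateway side: verify payload $1 against signature $2 using only the public
# key. Returns 0 when the signature is valid, non-zero otherwise.
verify_payload() {
  openssl dgst -sha256 -verify "$PUBKEY" -signature "$2" "$1" >/dev/null 2>&1
}

# Portable check that a private key is unreadable by group and others:
# characters 5-10 of the ls mode string are the group/other permission bits.
privkey_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
  gen_keys

  # Constructed sample payload standing in for a Dashboard cluster message.
  printf '%s' '{"command":"ReloadAPI","payload":"example"}' > "$WORKDIR/msg.json"
  sign_payload "$WORKDIR/msg.json" "$WORKDIR/msg.sig"

  if verify_payload "$WORKDIR/msg.json" "$WORKDIR/msg.sig"; then
    echo "genuine payload: signature verified"
  else
    echo "genuine payload: verification FAILED" >&2
    return 1
  fi

  # Change the payload body; the original signature must no longer verify.
  printf '%s' '{"command":"ReloadAPI","payload":"evil"}' > "$WORKDIR/tampered.json"
  if verify_payload "$WORKDIR/tampered.json" "$WORKDIR/msg.sig"; then
    echo "tampered payload: ACCEPTED (this must never happen)" >&2
    return 1
  else
    echo "tampered payload: rejected"
  fi

  if privkey_is_private "$PRIVKEY"; then
    echo "private key mode ok: $(ls -l "$PRIVKEY" | cut -c1-10)"
  else
    echo "private key is readable by others, fix its permissions" >&2
    return 1
  fi
}

demo
```

Only pubkey.pem is copied to gateway hosts and referenced from public_key_path; privkey.pem stays on the Dashboard host, referenced from private_key_path, with permissions that keep it readable by the Dashboard process alone.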