I'm wondering if I still need to enable SSL/TLS for the database connections between my backend and database server, considering my backend is running behind a reverse proxy like Traefik or Nginx which already has SSL/TLS for client traffic. The database is hosted on an internal network in a Docker-compose or Kubernetes setup, so it's not exposed to the outside. What do you think?
2 Answers
It's definitely a good idea to use SSL/TLS even if your network is internal. If an attacker gets into a container on the same network as your database, unencrypted traffic could expose your credentials. Having encryption in place helps mitigate that risk. It might seem like a small threat, but it's an easy fix to implement.
Using SSL/TLS is a best practice regardless of whether you’re on Kubernetes or any other setup. Particularly in cloud environments, it really adds an extra layer of security since your data travels encrypted, which is crucial.
But isn’t it true that for some cloud environments, like AWS, VPC traffic is typically secure as it travels point-to-point? So is encryption really necessary?

Thank you.
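As an added example that is not part of the thread: a small audit of the connection strings a backend uses, showing which ones can still fall back to plaintext on the internal network. It assumes PostgreSQL with libpq-style URIs and their `sslmode` parameter, since the thread names no database; the service names, host and credentials are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# libpq sslmode -> what the client is guaranteed to get on the wire.
LEVELS = {
    "disable": "plaintext-possible",           # never uses TLS
    "allow": "plaintext-possible",             # tries plaintext first
    "prefer": "plaintext-possible",            # falls back to plaintext if TLS is refused
    "require": "encrypted-unverified",         # TLS, but no certificate check requested
    "verify-ca": "encrypted-ca-verified",      # TLS + certificate chain check
    "verify-full": "encrypted-host-verified",  # TLS + chain + hostname check
}
LIBPQ_DEFAULT = "prefer"  # applies when the URI carries no sslmode parameter


def audit_dsn(dsn):
    """Classify one PostgreSQL connection URI by its effective sslmode."""
    parts = urlsplit(dsn)
    if parts.scheme not in ("postgres", "postgresql"):
        raise ValueError(f"not a PostgreSQL URI: {parts.scheme!r}")
    mode = parse_qs(parts.query).get("sslmode", [LIBPQ_DEFAULT])[-1]
    return {
        "host": parts.hostname,
        "sslmode": mode,
        "level": LEVELS.get(mode, "invalid-sslmode"),
    }


def weak_services(env):
    """Return {service: level} for services whose DB link is not verified TLS."""
    verified = {"encrypted-ca-verified", "encrypted-host-verified"}
    findings = {}
    for service, dsn in env.items():
        level = audit_dsn(dsn)["level"]
        if level not in verified:
            findings[service] = level
    return findings


# Constructed sample: DATABASE_URL values as they might appear per service.
SAMPLE_ENV = {
    "api": "postgresql://app:example-pw@db:5432/orders",
    "worker": "postgresql://app:example-pw@db:5432/orders?sslmode=require",
    "reports": "postgresql://app:example-pw@db:5432/orders"
               "?sslmode=verify-full&sslrootcert=/run/secrets/db-ca.pem",
}

if __name__ == "__main__":
    for service, level in weak_services(SAMPLE_ENV).items():
        print(f"{service}: {level}")
```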