Security with Juju

Juju puts security at the forefront. Features include:

  • TLS-encrypted communication.

Juju uses TLS-encryption for all communication between the controller (the management node) and the agents running on different units (application instances).

See more: Wikipedia | TLS

  • Workspace isolation.

Juju enables administrators to create separate workspaces, or models, for different applications, services, and environments. This helps in isolating resources and maintaining a clear separation of concerns.

See more: Model

  • Granular user access.

Juju provides role-based access control and supports multiple authentication mechanisms. Users can be granted access only to specific clouds, controllers, models, or applications.

See more: User access levels

  • Secrets.

Juju provides support for securely storing and managing sensitive information such as passwords, API keys, and certificates via secrets.

See more: Secret

  • Auditing and logging.

Juju offers auditing and logging capabilities to help administrators track user activities, changes in the environment, and potential security incidents. These logs can be useful for identifying and responding to security threats or compliance requirements.

See more: Logs

  • Guided, tested, and maintained operations code.

Juju encourages developers to follow best practices in creating software operators (‘charms’). This includes secure coding guidelines, testing, and regular maintenance to address potential security vulnerabilities.

See more: Charm SDK | Charm development best practices > Security

  • Regular updates and patches.

Canonical releases updates and security patches for Juju to address vulnerabilities, improve performance, and add new features.

See more: Roadmap & Releases

Last updated 6 months ago. Help improve this document in the forum.