Security Update Notes¶
This is a list of updates to security-related functionality in VOLTTRON that either break backward compatibility or may have noticeable impact to the user.
Version 3.5rc1¶
$VOLTTRON_HOME/auth.json
should not be edited with a text editor. Usevolttron-ctl
commandsauth-list
,auth-add
,auth-remove
, andauth-update
to view and manipulate that file.#
-style comments are no longer supported in$VOLTTRON_HOME/auth.json
. Use thecomments
andenabled
fields. (See the agent authentication walkthrough.)
Version 4.0¶
- The
$VOLTTRON_HOME/curve.key
file has been replaced with a key store`. Use thescripts/update_curve_key.py
script to update an existing key pair. - A
mechanism
field has been added to the auth file. Therefore, thecredentials
field no longer is prepended with a mechanism such as “CURVE:”. VOLTTRON automatically updates the auth entires to use the new field.- Entries with a regular expression in the
credentials
field cannot be upgraded.
- Entries with a regular expression in the
- Security-related commands for
volttron-ctl
have been moved to aauth
subcommand. (See the auth command documentation.)