Skip to content

Standalone mode unauthenticated by default #356

New issue
New issue
Open
Open
Standalone mode unauthenticated by default#356
Labels
security
@raballew

Description

@raballew
raballew
opened on Mar 19, 2026

Description

--passphrase defaults to None at python/packages/jumpstarter-cli/jumpstarter_cli/run.py:245. Combined with --tls-grpc-insecure and 0.0.0.0 default binding, standalone mode exposes an unauthenticated, unencrypted gRPC server.

The PassphraseInterceptor at python/packages/jumpstarter/jumpstarter/exporter/auth.py:17-34 exists and works correctly, but defaults to disabled.

No warning is emitted when passphrase is absent (the most dangerous config), but a warning is present when passphrase is used without TLS (less dangerous) (run.py:107).

This applies ONLY to standalone mode; K8s mode has mandatory, non-disableable authentication.

Suggested Fix

  • Generate random passphrase when --passphrase not provided
  • Require explicit --unsafe-no-auth to disable authentication
  • Warn when no passphrase and no TLS

Metadata

Metadata

Assignees

No one assigned

    Labels

    security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions