File tree Expand file tree Collapse file tree 1 file changed +21
-5
lines changed Expand file tree Collapse file tree 1 file changed +21
-5
lines changed Original file line number Diff line number Diff line change @@ -164,11 +164,27 @@ participate in :term:`elections <election>`.
164164 Do not run arbiter processes on a system that is an active
165165 :term:`primary` or :term:`secondary` of its replica set.
166166
167- You must run arbiters only on secure networks. While arbiters do not
168- hold database content, they do hold replica-set configuration data,
169- which always should be protected. Arbiters use encryption only when
170- creating a connection with another replica-set member. All other
171- communications are unencrypted.
167+ Arbiters make the following communications:
168+
169+ - Exchange keyfiles with replica set. Arbiters
170+ replica set servers exchange keyfiles, which are the equivalent of a
171+ password for the __system "user".
172+
173+ - The arbiter is authenticated when a connection is created between it
174+ and another member of the replica set, and is then trusted until the
175+ connection ends.
176+
177+ - Only the authentication step is encrypted. Replica set configuration
178+ data and voting are unencrypted.
179+
180+ - Data other than the authentication step are not encrypted.
181+
182+
183+
184+
185+
186+
187+
172188
173189You should always run arbiters on secure networks.
174190
You can’t perform that action at this time.
0 commit comments