» Security

Sharing your Vagrant environment understandably raises a number of securityconcerns.

The primary security mechanism for VagrantShare is security through obscurity along with an encryption key for SSH.Additionally, there are several configuration options made available tohelp control access and manage security:

  • —disable-http will not create a publicly accessible HTTP URL. Whenthis is set, the only way to access the share is with vagrant connect.In addition to these options, there are other features we've built to help:

  • Vagrant share uses end-to-end TLS for non-HTTP connections. So even unencryptedTCP streams are encrypted through the various proxies and only unencrypted duringthe final local communication between the local proxy and the Vagrant environment.

  • SSH keys are encrypted by default, using a password that is not transmittedto our servers or across the network at all.

  • SSH is not shared by default, it must explicitly be shared with the—ssh flag.

Most importantly, you must understand that by running vagrant share,you are making your Vagrant environment accessible by anyone who knowsthe share name. When share is not running, it is not accessible.