vagrant/website/source/docs/share/security.html.md

---
layout: "docs"
page_title: "Security - Vagrant Share"
sidebar_current: "share-security"
description: |-
  Sharing your Vagrant environment understandably raises a number of security
  concerns.
---

# Security

Sharing your Vagrant environment understandably raises a number of security
concerns.

The primary security mechanism for Vagrant
Share is security through obscurity along with an encryption key for SSH.
Additionally, there are several configuration options made available to
help control access and manage security:

  * `--disable-http` will not create a publicly accessible HTTP URL. When
    this is set, the only way to access the share is with `vagrant connect`.

In addition to these options, there are other features we've built to help:

  * Vagrant share uses end-to-end TLS for non-HTTP connections. So even unencrypted
    TCP streams are encrypted through the various proxies and only unencrypted during
    the final local communication between the local proxy and the Vagrant environment.

  * SSH keys are encrypted by default, using a password that is not transmitted
    to our servers or across the network at all.

  * SSH is not shared by default, it must explicitly be shared with the
    `--ssh` flag.

Most importantly, you must understand that by running `vagrant share`,
you are making your Vagrant environment accessible by anyone who knows
the share name. When share is not running, it is not accessible.
website/docs: document vagrant share functionality 2014-02-27 23:00:37 +00:00			`---`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`layout: "docs"`
website/docs: document vagrant share functionality 2014-02-27 23:00:37 +00:00			`page_title: "Security - Vagrant Share"`
			`sidebar_current: "share-security"`
Merge docs and www into a single static site This is a big commit, and I apologize in advance for the future git-blames all pointing to me. This commit does a few things: 1. Merges the website/docs and website/www repo into a single website repo to be in line with other HashiCorp projects 2. Updates to use middleman-hashicorp 3. Converts less to scss to be in line with other projects 4. Updates page styles to be in line with other projects 5. Optimizes images 6. Prepare for S3 + Fastly deployment with scripts, etc. 7. Removes blog posts (they have been transferred to hashicorp.com with redirects in place 8. Updated sitemap generation script for better SEO 9. Fixed many broken links 10. Add description to all fields 2016-01-19 18:08:53 +00:00			`description: \|-`
			`Sharing your Vagrant environment understandably raises a number of security`
			`concerns.`
website/docs: document vagrant share functionality 2014-02-27 23:00:37 +00:00			`---`

			`# Security`

			`Sharing your Vagrant environment understandably raises a number of security`
			`concerns.`

			`The primary security mechanism for Vagrant`
			`Share is security through obscurity along with an encryption key for SSH.`
			`Additionally, there are several configuration options made available to`
			`help control access and manage security:`

			* `--disable-http` will not create a publicly accessible HTTP URL. When
			this is set, the only way to access the share is with `vagrant connect`.

			`In addition to these options, there are other features we've built to help:`

Convert atlas references to vagrant cloud 2017-05-22 16:42:31 +00:00			`* Vagrant share uses end-to-end TLS for non-HTTP connections. So even unencrypted`
			`TCP streams are encrypted through the various proxies and only unencrypted during`
			`the final local communication between the local proxy and the Vagrant environment.`
website/docs: document vagrant share functionality 2014-02-27 23:00:37 +00:00
			`* SSH keys are encrypted by default, using a password that is not transmitted`
			`to our servers or across the network at all.`

			`* SSH is not shared by default, it must explicitly be shared with the`
			`--ssh` flag.

			Most importantly, you must understand that by running `vagrant share`,
			`you are making your Vagrant environment accessible by anyone who knows`
			`the share name. When share is not running, it is not accessible.`