June 20-22 Announcing HashiConf Europe full schedule: keynotes, sessions, labs & more Register Now
  • Infrastructure
    • terraform
    • packer
  • Networking
    • consul
  • Security
    • vault
    • boundary
  • Applications
    • nomad
    • waypoint
    • vagrant
  • HashiCorp Cloud Platform

    A fully managed platform to automate infrastructure on any cloud with HashiCorp products.

    • consul
    • terraform
    • vault
    • packerbeta
    Visit cloud.hashicorp.com
  • Intro
  • Docs
  • Community
GitHub—Stars on GitHub
Download
    • v2.2.19 (latest)
    • v2.2.18
    • v2.2.17
    • v2.2.16
    • v2.2.15
    • v2.2.14
    • v2.2.13
    • v2.2.12
    • v2.2.11
    • v2.2.10
  • Overview
    • Overview
    • Backwards Compatibility
    • Upgrading
    • Upgrading from 1.0.x
    • From Source
    • Uninstallation
    • Overview
    • box
    • cloud
    • connect
    • destroy
    • global-status
    • halt
    • init
    • login
    • package
    • plugin
    • port
    • powershell
    • provision
    • rdp
    • reload
    • resume
    • share
    • snapshot
    • ssh
    • ssh-config
    • status
    • suspend
    • up
    • upload
    • validate
    • version
    • More Commands
    • Aliases
    • Machine Readable Output
    • rsync
    • rsync-auto
    • winrm
    • winrm_config
    • Overview
    • HTTP Sharing
    • SSH Sharing
    • Connect
    • Security
    • Custom Provider
    • Overview
    • Configuration Version
    • Minimum Vagrant Version
    • Tips & Tricks
    • config.vm
    • config.ssh
    • config.winrm
    • config.winssh
    • config.vagrant
    • Overview
    • Box Versioning
    • Creating a Base Box
    • Box File Format
    • Box Info Format
    • Overview
    • Basic Usage
    • File
    • Shell
    • Ansible Intro
    • Ansible
    • Ansible Local
    • Common Ansible Options
    • CFEngine
    • Chef Common Configuration
    • Chef Solo
    • Chef Zero
    • Chef Client
    • Chef Apply
    • Docker
    • Podman
    • Puppet Apply
    • Puppet Agent
    • Salt
    • Overview
    • Basic Usage
    • Forwarded Ports
    • Private Network
    • Public Network
    • Overview
    • Basic Usage
    • NFS
    • RSync
    • SMB
    • VirtualBox
    • Overview
    • Configuration
    • Usage
    • Overview
    • Configuration
    • Usage
      • Overview
      • Usage
      • Common Issues
      • Overview
      • Usage
      • Common Issues
      • Overview
      • Usage
      • Common Issues
  • Multi-Machine
    • Overview
    • Installation
    • Basic Usage
    • Configuration
    • Default Provider
      • Overview
      • Usage
      • Creating a Base Box
      • Configuration
      • Networking
      • Common Issues
      • Overview
      • Installation
      • VMware Utility
      • Usage
      • Boxes
      • Configuration
      • Known Issues
      • FAQ
      • Overview
      • Basic Usage
      • Commands
      • Boxes
      • Configuration
      • Networking
      • Overview
      • Usage
      • Creating a Base Box
      • Configuration
      • Limitations
    • Custom Provider
    • Overview
    • Usage
    • Plugin Development Basics
    • Action Hooks
    • Commands
    • Configuration
    • Guests
    • Guest Capabilities
    • Hosts
    • Host Capabilities
    • Providers
    • Provisioners
    • Packaging & Distribution
    • Overview
    • FTP / SFTP
    • Heroku
    • Local Exec
    • Overview
    • Configuration
    • Usage
  • Experimental
    • Overview
    • Debugging
    • Environmental Variables
    • WSL
    • macOS Catalina

  • Vagrant Cloud
Type '/' to Search

»Security

Sharing your Vagrant environment understandably raises a number of security concerns.

The primary security mechanism for Vagrant Share is security through obscurity along with an encryption key for SSH. Additionally, there are several configuration options made available to help control access and manage security:

  • --disable-http will not create a publicly accessible HTTP URL. When this is set, the only way to access the share is with vagrant connect.

In addition to these options, there are other features we've built to help:

  • Vagrant share uses end-to-end TLS for non-HTTP connections. So even unencrypted TCP streams are encrypted through the various proxies and only unencrypted during the final local communication between the local proxy and the Vagrant environment.

  • SSH keys are encrypted by default, using a password that is not transmitted to our servers or across the network at all.

  • SSH is not shared by default, it must explicitly be shared with the --ssh flag.

Most importantly, you must understand that by running vagrant share, you are making your Vagrant environment accessible by anyone who knows the share name. When share is not running, it is not accessible.

github logoEdit this page
IntroDocsBookVMwarePrivacySecurityPress KitConsent Manager