CredHub Network Communications

This topic describes CredHub internal network communication paths with other Pivotal Application Service (PAS) components.

Inbound Communications

The following table lists network communication paths that are inbound to CredHub.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| api | credhub | 8844 | TCP | HTTPS | OAuth 2.0 |
| diego-cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |
| windows-cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |
| windows2016-cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |

Outbound Communications

The following table lists network communication paths that are outbound from CredHub.

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| credhub | uaa | 8443 | TCP | HTTPS | n/a |
| credhub | database* | 3306 | TCP | MySQL | MySQL authentication** |

*Applies only to deployments where internal MySQL is selected as the database.

**MySQL authentication uses the MySQL native password method.

†Diego cells use the certificate pairs generated for individual containers to authenticate with CredHub on behalf of applications.

BOSH DNS Communications

Application containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director colocates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS Network Communications.
