Security Model
DSM includes production-oriented security primitives for replication traffic.
Core Protections
- HMAC message signing
- nonce-based replay protection
- cluster admission validation
Spring Boot Properties
Security is configured under dsm.security.*.
Key properties:
dsm.security.enableddsm.security.cluster-secretdsm.security.nonce.window-sizedsm.security.nonce.max-clock-drift
Operational Advice
- treat the cluster secret as production credential material
- rotate keys through controlled rollout plans
- keep
serviceIdstable because it is part of the isolation model - monitor authentication failures and replay rejections through
DsmMetrics
Metrics Hooks
The metrics SPI includes callbacks for:
- auth failures
- replay rejections
- admission denials
- service ID mismatches
- dropped messages
That lets platform teams connect security events to existing dashboards and alerts.