Circuit Self-managed infrastructure, programmatic monitoring and orchestration

Security

By default, circuit servers and clients communicate over plaintext TCP. An HMAC-based symmetric authentication, followed by an asymmetric RC4 stream cipher, is supported.

To enable encryption, use the -hmac command-line option to point the circuit executable to a file containing the private key for your circuit. For instance:

	circuit start -a 10.0.0.1 -hmac .hmac

Or, if you are invoking the circuit tool as a client:

	circuit ls -hmac .hmac /...

Alternatively, you can set the environment variable CIRCUIT_HMAC to point to the private key file.

To generate a new private key for your circuit, use the command:

	circuit keygen
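
Because the key file is a secret shared by every server and client, and the default without it is plaintext TCP, a launcher can refuse to start unless a key is configured and readable only by its owner. The following is an added example, not code from the circuit project; the function names are hypothetical, and only the `-a` and `-hmac` options and the CIRCUIT_HMAC variable come from this page.

```shell
# Added example, not part of the circuit project: pre-flight checks on the
# key file passed via -hmac or CIRCUIT_HMAC. Function names are hypothetical.

# resolve_hmac_path [explicit-path]
# Prints the explicit path if given, else $CIRCUIT_HMAC; fails if neither is set.
resolve_hmac_path() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1"
    elif [ -n "${CIRCUIT_HMAC:-}" ]; then
        printf '%s\n' "$CIRCUIT_HMAC"
    else
        return 1  # no key: circuit would default to plaintext TCP
    fi
}

# check_hmac_key_file path
# Succeeds only for a non-empty regular file (not a symlink) whose mode
# grants nothing to group or others.
check_hmac_key_file() {
    f=$1
    if [ -L "$f" ]; then echo "key file is a symlink: $f" >&2; return 2; fi
    if [ ! -f "$f" ]; then echo "key file missing: $f" >&2; return 3; fi
    if [ ! -s "$f" ]; then echo "key file is empty: $f" >&2; return 4; fi
    # ls -ld prints a mode string such as "-rw-------"; columns 5-10 hold
    # the group and other permission bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "key file accessible beyond its owner ($perms): $f" >&2
        return 5
    fi
    return 0
}

# start_circuit_encrypted addr [key-path]
# Starts a server only when a key is configured and passes the checks.
start_circuit_encrypted() {
    addr=$1
    key=$(resolve_hmac_path "${2:-}") || {
        echo "no -hmac key configured; refusing to start in plaintext" >&2
        return 1
    }
    check_hmac_key_file "$key" || return $?
    circuit start -a "$addr" -hmac "$key"
}
```

A key file set to mode 600 and owned by the account that runs circuit passes the permission check.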

Networking

From a networking and protocol standpoint, circuit servers and clients are peers: All communications (server-server and server-client) use a common RPC framework which often entails a server being able to reverse-dial into a client.

For this reason, circuit clients (the circuit tool or your apps) CANNOT be behind a firewall with respect to the servers they are dialing into.