.. include:: vars.rst

.. _section-security:

Security
********

You can use symmetric cryptography using pre-shared keys to protect the
communication between |CDS| and the user’s |DPs|, as described in
:link_connext_dds_secure_um:`Security Considerations when Using Cloud Discovery Service
<p4_integrations/real-time_wan_transport.html#security-considerations-when-using-cloud-discovery-service>`.

More concretely you can protect:

* The exchange of participant announcements by setting the property
  ``com.rti.serv.secure.authentication.participant_discovery_protection_key``
  (see :link_connext_dds_secure_um:`Properties for Configuring Authentication in the Security
  Plugins User's Manual
  <p2_core/authentication.html#properties-for-configuring-authentication>`).
* The exchange of ``BINDING_PING`` messages when using the |RWT| by setting the
  property ``com.rti.serv.secure.cryptography.rtps_protection_key`` (see
  :link_connext_dds_secure_um:`Properties for Configuring Cryptography in the Security Plugins
  User's Manual
  <p2_core/cryptography.html#properties-for-configuring-cryptography>`).

In |CDS|, the above two properties can be set by updating the ``<property>``
tag inside the ``<security>`` tag (see :ref:`Configuration for Security <section-config-security>`).