Best practice

The following sections give some recommendations for best practices when commissioning and using the Volt4.

Volt4 Key Strategy

The ‘insecure’ Battery mode along with the Battery key strategy is intended for development and testing environments only.

At a minimum, the Battery should be secured with a password. In this configuration the Battery database is encrypted at rest. As such, any Volt4s that are configured to use the Battery key strategy at least have their key stored in an encrypted database.

However, it is recommended to use the Volt4 pkcs#11 or local file key storage. This enables the key to be encrypted and stored in a file on disk, including a secure removable storage medium.

An added benefit of the ‘local file’ key strategy is that it makes it much easier to establish a remote connection to your Volt4 via the fusebox, which requires the root key to be available in order to be able to configure the connection.

Secure the Volt key

Related to the above, and in line with least privilege practices, it is recommended to not use the Volt4 root key for applications or scripts, or for anything other than securing your Volt4. Instead, create a separate identity for each use case or scenario and only share the data required to complete the task at hand.

For example, when provisioning the protoDbSync utility, create a new identity called protoDbSync client and copy the configuration into the required configuration file, rather than using the root Volt4 key.