First I should note that we don’t by default encrypt the traffic between the application and Secretless since this is by design a local connection. We recommend using the native properties of the system to prevent unauthorized external entities from gaining access to the app’s local environment, so that encryption of the local connection isn’t critical.
We have considered optionally enabling local encryption for the app-to-Secretless connection, but to design a useful solution we would need to understand the use case better. It’s also not clear the cost of implementing a solution like this is commensurate with the security benefit - we’d have to implement this in such a way that the app could securely connect to Secretless in the local environment, but a hacker with access to the same local environment couldn’t still impersonate the app, which presents challenges.
Since this has come up before, I did log an issue for it here and labeled it as needing more info. I’d be glad if anyone interested in this use case could add more information to the ticket with what they’d be looking for in a solution like this.
Thanks for asking! I’ll check with the Secretless team to see if they have any other recommendations for securing the app’s local environment, too.