Taint

Control which Conflux nodes can talk using taints. Simple labels—no IdP required. Scale without allowlist sprawl.

Introduction

Taint is a VeilNet concept for controlling access between applications. It’s inspired by Kubernetes taints. A taint is a simple label (a single string); you cannot use = in a taint. Use the application’s role or environment, e.g. web, api, database, cache, prod, staging, us-east, or backup.

In short, two VeilNet Conflux nodes can communicate if:

  • Both nodes have at least one taint and are registered by the same registration token.
  • The taint(s) of one node are either a superset or a subset of the taint(s) on the other node.
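
The two rules above can be modelled as a small check. This is an added example, not code from the conflux package: the Node type, the CanCommunicate and subset functions, and the token values are hypothetical, and it assumes taints are compared as exact, case-sensitive strings.

```go
package main

import "fmt"

// Node is a hypothetical model used only in this example; it is not a
// type from the conflux package.
type Node struct {
	Token  string   // registration token the node was registered with
	Taints []string // taint labels currently set on the node
}

// subset reports whether every taint in a also appears in b.
// Assumption: taints are compared as exact, case-sensitive strings.
func subset(a, b []string) bool {
	seen := make(map[string]bool, len(b))
	for _, t := range b {
		seen[t] = true
	}
	for _, t := range a {
		if !seen[t] {
			return false
		}
	}
	return true
}

// CanCommunicate applies the two rules listed above: both nodes carry at
// least one taint and share a registration token, and one taint set is a
// subset (equivalently, the other a superset) of the other.
func CanCommunicate(a, b Node) bool {
	if len(a.Taints) == 0 || len(b.Taints) == 0 || a.Token != b.Token {
		return false
	}
	return subset(a.Taints, b.Taints) || subset(b.Taints, a.Taints)
}

func main() {
	// Constructed sample nodes; token values are placeholders.
	web := Node{"token-A", []string{"prod", "web"}}
	db := Node{"token-A", []string{"prod", "database"}}
	ops := Node{"token-A", []string{"prod"}}
	other := Node{"token-B", []string{"prod"}}
	fmt.Println(CanCommunicate(web, db))    // roles differ, neither set contains the other
	fmt.Println(CanCommunicate(ops, web))   // {prod} is a subset of {prod, web}
	fmt.Println(CanCommunicate(ops, other)) // same taint, different token
}
```

With these sample nodes, the node tagged only prod can reach both the web and database nodes even though those two cannot reach each other, which follows from the subset rule as stated. Keep that in mind when giving a node a single broad taint such as an environment name.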

Set Taint on a VeilNet Conflux Node

You can add taints to a VeilNet Conflux node after the anchor protocol is started.

package main

import (
    "context"
    "log"

    "github.com/veil-net/conflux/anchor"
    pb "github.com/veil-net/conflux/proto"
)

func main() {
    // token, tag and ip are assumed to be defined elsewhere
    // (your registration token and node settings).
    subprocess, _, err := anchor.StartConflux(token, tag, ip, nil, nil)
    if err != nil {
        log.Fatal(err)
    }
    defer subprocess.Stop()

    // Add taint to the conflux node
    _, err = anchor.AddTaint(context.Background(), &pb.AddTaintRequest{
        Taint: "test",
    })
    if err != nil {
        // Report the failure instead of exiting silently.
        log.Printf("add taint: %v", err)
        return
    }
}

Remove Taint from a VeilNet Conflux Node

You can remove taints from a VeilNet Conflux node after the anchor protocol is started.

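package main

import (
    "context"
    "log"

    "github.com/veil-net/conflux/anchor"
    pb "github.com/veil-net/conflux/proto"
)

func main() {

    // ... (start the anchor as in the previous example, which declares err;
    // taint holds the label to remove)

    // Remove taint from the conflux node
    _, err = anchor.RemoveTaint(context.Background(), &pb.RemoveTaintRequest{
        Taint: taint,
    })
    if err != nil {
        // Report the failure instead of exiting silently.
        log.Printf("remove taint: %v", err)
        return
    }
}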
