diff --git a/code/XMLTester.xml b/code/XMLTester.xml
index 122880177..87a186c44 100644
--- a/code/XMLTester.xml
+++ b/code/XMLTester.xml
@@ -825,6 +825,74 @@
+
+
+
+ 44.53.00.5f.45.50.52.4f.53.49.4d.41
+
+
+ SERVER
+
+
+
+
+ 0.0.0.0
+ 11811
+
+
+
+
+
+
+
+
+ dds.sec.auth.plugin
+ builtin.PKI-DH
+
+
+
+
+ dds.sec.auth.builtin.PKI-DH.identity_ca
+ file://maincacert.pem
+
+
+ dds.sec.auth.builtin.PKI-DH.identity_certificate
+ file://appcert.pem
+
+
+ dds.sec.auth.builtin.PKI-DH.private_key
+ file://appkey.pem
+
+
+
+
+ dds.sec.access.plugin
+ builtin.Access-Permissions
+
+
+
+
+ dds.sec.access.builtin.Access-Permissions.permissions_ca
+ file://maincacet.pem
+
+
+ dds.sec.access.builtin.Access-Permissions.governance
+ file://governance.smime
+
+
+ dds.sec.access.builtin.Access-Permissions.permissions
+ file://permissions.smime
+
+
+
+
+ dds.sec.crypto.plugin
+ builtin.AES-GCM-GMAC
+
+
+
+
+
<-->
diff --git a/docs/fastdds/discovery/discovery_server.rst b/docs/fastdds/discovery/discovery_server.rst
index bbda3fdab..2a3d9453a 100644
--- a/docs/fastdds/discovery/discovery_server.rst
+++ b/docs/fastdds/discovery/discovery_server.rst
@@ -389,3 +389,33 @@ Client side setup
| :lines: 2-3,5-40 |
| :append: |
+---------------------------------------------------------------------+
+
+.. _DS_security:
+
+Security
+^^^^^^^^
+
+Configuring :ref:`security` on *servers* and *clients* is done the same way as for any other participant.
+This section depicts the limitations imposed by the security enforcement on the communication between
+*clients* and *servers*, and which discovery information is propagated by a *server* depending on the security
+configuration of the *clients* and *servers* to which it is connected.
+
+It is important to note that for enabling a secure discovery when using Discovery Server, *Fast DDS* must be compiled
+with security support (see :ref:`cmake_options`), and the :ref:`domain_governance_doc` must explicitly encrypt the
+discovery.
+
+As in SDP, when using this feature, the Domain Governance Document of all *clients* and *servers* connecting to a
+*server* must match that of the *server*, which implies that all |DomainParticipants| belonging to the same Discovery
+Sever network must configure the discovery protection in the same manner.
+
+Although the *server* mediates the discovery process and creates connections between *clients*, the *clients* themselves
+still go through the PKI (Public Key Infrastructure) exchange in order to have a secure communication between them.
+
+.. important::
+
+ In order to keep the behavior consistent with the QoS Policies, the *server* does not check the
+ :ref:`domainparticipant_permissions_doc` of the |DomainParticipants| that it is connecting.
+
+.. important::
+
+ Security support for Discovery Server is only supported from Fast DDS v2.10.0 onward.
diff --git a/docs/fastddscli/cli/cli.rst b/docs/fastddscli/cli/cli.rst
index 048afaead..5070fd512 100644
--- a/docs/fastddscli/cli/cli.rst
+++ b/docs/fastddscli/cli/cli.rst
@@ -97,6 +97,7 @@ The output is:
### Server is running ###
Participant Type:
+ Security:
Server ID:
Server GUID prefix: 44.53..5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv4:[]:
@@ -106,6 +107,10 @@ Once the *server* is instantiated, the *clients* can be configured either progra
:ref:`discovery_server`), or using environment variable ``ROS_DISCOVERY_SERVER`` (see
:ref:`env_vars_ros_discovery_server`)
+.. note::
+ The :ref:`security` configuration of the discovery server should be done through XML.
+ See example below.
+
.. _cli_discovery_examples:
Examples
@@ -125,6 +130,7 @@ Examples
### Server is running ###
Participant Type: SERVER
+ Security: NO
Server ID: 0
Server GUID prefix: 44.53.00.5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv4:[0.0.0.0]:11811
@@ -143,6 +149,7 @@ Examples
### Server is running ###
Participant Type: SERVER
+ Security: NO
Server ID: 1
Server GUID prefix: 44.53.01.5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv4:[127.0.0.1]:14520
@@ -171,6 +178,7 @@ Examples
### Server is running ###
Participant Type: SERVER
+ Security: NO
Server ID: 1
Server GUID prefix: 44.53.01.5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv6:[2a02:ec80:600:ed1a::3]:14520
@@ -190,6 +198,7 @@ Examples
### Server is running ###
Participant Type SERVER
+ Security: NO
Server ID: 2
Server GUID prefix: 44.53.02.5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv4:[192.168.36.34]:8783
@@ -217,6 +226,7 @@ Examples
### Server is running ###
Participant Type BACKUP
+ Security: NO
Server ID: 3
Server GUID prefix: 44.53.03.5f.45.50.52.4f.53.49.4d.41
Server Addresses: UDPv4:[172.30.144.1]:12345
@@ -234,10 +244,29 @@ Examples
.. code-block:: bash
### Server is running ###
- Participant Type: SERVER
- Server ID: 0
- Server GUID prefix: 44.53.00.5f.45.50.52.4f.53.49.4d.41
- Server Addresses: UDPv4:[127.0.0.1]:14520
+ Participant Type: SERVER
+ Security: NO
+ Server ID: 0
+ Server GUID prefix: 44.53.00.5f.45.50.52.4f.53.49.4d.41
+ Server Addresses: UDPv4:[127.0.0.1]:14520
+
+7. Launch a secure server with id 0 (first on ``ROS_DISCOVERY_SERVER``)
+ listening on all available interfaces on UDP port '11811'.
+
+ .. code-block:: bash
+
+ fastdds discovery -x secure_discovery_server_cli@[PATH_TO_FILE]/DiscoveryServerCLI.xml
+
+ Output:
+
+ .. code-block:: bash
+
+ ### Server is running ###
+ Participant Type: SERVER
+ Security: YES
+ Server ID: 0
+ Server GUID prefix: 44.53.00.5f.45.50.52.4f.53.49.4d.41
+ Server Addresses: UDPv4:[0.0.0.0]:11811
.. _cli_shm: