Aws kms #120

Merged
merged 20 commits into from
Mar 7, 2019

Conversation

shaikatz
Contributor

@shaikatz shaikatz commented Mar 3, 2019

Closes #60

Review threads (all resolved): src/decrypt-api/Startup.cs (1), src/key-managment/AwsKeyManagement.cs (8, of which 6 marked outdated), README.md (1, outdated)
@max-lobur max-lobur mentioned this pull request Mar 4, 2019
@shaikatz shaikatz marked this pull request as ready for review March 7, 2019 06:30
@shaikatz
Contributor Author

shaikatz commented Mar 7, 2019

@omerlh
I've changed the default authentication per @max-lobur's advice, please review so we can merge that.

@shaikatz shaikatz mentioned this pull request Mar 7, 2019

We look forward to add support for other cloud solutions, like AWS KMS.
Contributor


Maybe keep this section, just say "add support for other solutions, like HSM"?

Using [AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html) as the key managment solution is the secure solution when running a cluster on AWS Cloud.
There are 2 options to authentication with the KMS:
1. Kamus by default will try to use the regular AWS SDK discovery mechinisem, if your cluster in AWS you need to map IAM role to kamus POD by using one of the community tools, for example [kiam](https://github.com/uswitch/kiam).
2. Provide user access key and secret with KMS access.
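Review bot: this hunk documents two authentication paths but says nothing about the IAM permissions the mapped role or user must hold; listing the specific KMS actions Kamus calls, rather than pointing operators at full KMS access, lets the role be scoped to least privilege and makes option 2 (a long-lived access key and secret stored with the deployment) visibly the weaker choice of the two. Also fix spelling and grammar in these lines: "managment" should be "management", "mechinisem" should be "mechanism", "2 options to authentication with" should be "two ways to authenticate to", and "if your cluster in AWS" should be "if your cluster runs in AWS".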
Contributor


Add a quick note on what is required when initializing KMS?

Contributor


Also, maybe add a note on the required IAM permissions for Kamus?

Contributor Author


Can you elaborate? I can't think of anything required other than permissions to KMS.

Contributor


My bad, you're right. Just specify the IAM role?

Contributor Author


I've added below that the required IAM role/user permissions for kamus to work properly are full KMS access.

@shaikatz shaikatz requested a review from omerlh March 7, 2019 07:44
@omerlh
Contributor

omerlh commented Mar 7, 2019

Don't forget to bump the version of the API in the CSPROJ :)

@shaikatz shaikatz merged commit 973d1bc into master Mar 7, 2019
@shaikatz shaikatz deleted the aws-kms branch March 10, 2019 11:49
3 participants