Tink is installed by default on server 4.2. + #8696

Merged
merged 2 commits into from
Apr 11, 2024
Expand Up @@ -786,9 +786,9 @@ proxy:

=== n. Encrypting Environment Variables

All environment variables stored in contexts are encrypted using either https://www.vaultproject.io/[Hashicorp Vault] or https://developers.google.com/tink[Google Tink]. By Default, CircleCI server 4.x will use Vault to generate and store encryption keys.
All environment variables stored in contexts are encrypted using either https://developers.google.com/tink[Google Tink] or https://www.vaultproject.io/[Hashicorp Vault]. We recommend the use of Tink as Vault has been deprecated.

==== Use Tink (optional)
==== Use Tink

The following steps cover using Tink as an alternative to Vault:
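
Review bot: The unchanged lead-in under the renamed heading still reads "The following steps cover using Tink as an alternative to Vault:", which contradicts the new paragraph recommending Tink because Vault is deprecated. Suggest rewording it, for example "The following steps cover configuring Tink:". Also, the removed sentence in this file says "server 4.x" rather than a specific release, while the PR title scopes the default to 4.2 and later, so it is worth confirming this file documents a version where Tink really is the default.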

Expand All @@ -797,7 +797,7 @@ The following steps cover using Tink as an alternative to Vault:
[source,yaml]
----
tink:
enabled: false
enabled: true
keyset: ""
----
+
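
Review bot: With `enabled: true`, the unchanged `keyset: ""` line now documents Tink switched on with an empty keyset, and a reader who copies the block verbatim gets exactly that. Suggest a placeholder value such as `keyset: "<your-keyset>"`, or a comment on that line saying the keyset must be filled in before applying, since this setting governs the encryption of every environment variable stored in contexts.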
Expand Up @@ -799,9 +799,9 @@ proxy:

=== n. Encrypting Environment Variables

All environment variables stored in contexts are encrypted using either https://www.vaultproject.io/[Hashicorp Vault] or https://developers.google.com/tink[Google Tink]. By Default, CircleCI server 4.2 will use Vault to generate and store encryption keys.
All environment variables stored in contexts are encrypted using either https://developers.google.com/tink[Google Tink] or https://www.vaultproject.io/[Hashicorp Vault]. We recommend the use of Tink as Vault has been deprecated.

==== Use Tink (optional)
==== Use Tink

The following steps cover using Tink as an alternative to Vault:
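
Review bot: The removed sentence was the only place this section said which backend server 4.2 uses by default, and the replacement gives only a recommendation. Since the PR title says Tink is installed by default from 4.2, state that explicitly here, for example "By default, CircleCI server 4.2 uses Tink.", so operators know what they get without setting anything.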

Expand All @@ -810,7 +810,7 @@ The following steps cover using Tink as an alternative to Vault:
[source,yaml]
----
tink:
enabled: false
enabled: true
keyset: ""
----
+
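
Review bot: It is unclear whether `enabled: true` in this block shows the chart default or a value the operator must set. If Tink is already the default in 4.2, as the PR title says, say so next to the block; if it is not, the surrounding steps should state that this override is required.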
5 changes: 5 additions & 0 deletions jekyll/_cci2/server/v4.2/installation/upgrade-server.adoc
Expand Up @@ -65,3 +65,8 @@ helm diff upgrade circleci-server oci://cciserver.azurecr.io/circleci-server -n
helm upgrade circleci-server oci://cciserver.azurecr.io/circleci-server -n $namespace --version <version> -f <path-to-values.yaml> --username $USERNAME --password $PASSWORD

. Deploy and run link:https://github.com/circleci/realitycheck[`reality check`] in your test environment to ensure your installation is fully operational.

[#vault]
=== Vault

We have moved away from Vault to Tink for encryption. The process for migration is link:https://github.com/CircleCI-Public/server-scripts/tree/main/vault-to-tink[documented here], and includes a convenience script to move existing secrets. You should complete the migration to Tink on your v4.2.x installation after upgrading. Customers that do not perform this step may have issues restoring Vault from backup in v4.2.
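
Review bot: The new Vault section sits after the final numbered step (running reality check), so someone following the list can finish the upgrade without reaching it, yet the text says the migration should be completed after upgrading. Suggest making it a numbered step or pointing to `#vault` from the steps. The last sentence, "may have issues restoring Vault from backup in v4.2", would help more if it named what fails, and it is worth telling readers to take a backup before running the convenience script, since it moves existing secrets. Minor: "v4.2.x" and "v4.2" are both used for the same release line within one paragraph.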
Expand Up @@ -806,9 +806,9 @@ proxy:

=== n. Encrypting Environment Variables

All environment variables stored in contexts are encrypted using either https://www.vaultproject.io/[Hashicorp Vault] or https://developers.google.com/tink[Google Tink]. By Default, CircleCI server v4.3 will use Vault to generate and store encryption keys.
All environment variables stored in contexts are encrypted using either https://developers.google.com/tink[Google Tink] or https://www.vaultproject.io/[Hashicorp Vault]. We recommend the use of Tink as Vault has been deprecated.

==== Use Tink (optional)
==== Use Tink

The following steps cover using Tink as an alternative to Vault:
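
Review bot: "Vault has been deprecated" gives readers who still run Vault no pointer to what they should do. The same PR adds a `[#vault]` section to the v4.2 upgrade page that links the vault-to-tink migration; suggest linking that migration from this paragraph as well, whose old text names server v4.3, so existing Vault installs have a documented path.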

Expand All @@ -817,7 +817,7 @@ The following steps cover using Tink as an alternative to Vault:
[source,yaml]
----
tink:
enabled: false
enabled: true
keyset: ""
----
+
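
Review bot: The old version of this block showed `enabled: false`, so installations configured from the earlier docs may carry that value explicitly in their values.yaml and stay on Vault after upgrading. Suggest a sentence near the block telling upgraders to check for an existing `tink.enabled` setting before assuming the new default applies.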
Expand Up @@ -806,9 +806,9 @@ proxy:

=== n. Encrypting Environment Variables

All environment variables stored in contexts are encrypted using either https://www.vaultproject.io/[Hashicorp Vault] or https://developers.google.com/tink[Google Tink]. By Default, CircleCI server v4.4 will use Vault to generate and store encryption keys.
All environment variables stored in contexts are encrypted using either https://developers.google.com/tink[Google Tink] or https://www.vaultproject.io/[Hashicorp Vault]. We recommend the use of Tink as Vault has been deprecated.

==== Use Tink (optional)
==== Use Tink

The following steps cover using Tink as an alternative to Vault:
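
Review bot: The rewritten sentence still presents Vault as an equal choice ("encrypted using either ... Google Tink or ... Hashicorp Vault") and only afterwards calls it deprecated. Suggest leading with Tink and describing Vault as the legacy option kept for existing installations, if that is the intent. Style: the vendor spells its name "HashiCorp".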

Expand All @@ -817,7 +817,7 @@ The following steps cover using Tink as an alternative to Vault:
[source,yaml]
----
tink:
enabled: false
enabled: true
keyset: ""
----
+