add automatic state store encryption

[yaron2]

This PR brings automatic state encryption with key rotation support to all Dapr state stores.

Closes #1090.

[codecov]

Codecov Report

Merging #3589 (fd8ff70) into master (fe02831) will decrease coverage by 0.36%.
The diff coverage is 41.66%.

@@            Coverage Diff             @@
##           master    #3589      +/-   ##
==========================================
- Coverage   60.64%   60.28%   -0.37%     
==========================================
  Files          97       99       +2     
  Lines        8790     8968     +178     
==========================================
+ Hits         5331     5406      +75     
- Misses       3078     3160      +82     
- Partials      381      402      +21     

Impacted Files	Coverage Δ
pkg/config/configuration.go	71.01% <ø> (ø)
pkg/grpc/api.go	58.19% <0.00%> (-3.06%)	⬇️
pkg/http/api.go	79.06% <0.00%> (-3.37%)	⬇️
pkg/encryption/encryption.go	63.51% <63.51%> (ø)
pkg/runtime/runtime.go	54.35% <69.23%> (+0.32%)	⬆️
pkg/encryption/state.go	82.60% <82.60%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update fe02831...fd8ff70. Read the comment docs.

[artursouza]

Sorry, I found this thing in how it is serializing into byte[] prior to encrypting. Can we have an E2E test showing that this works? Also, I think we should wrap this as a experimental feature.

[yaron2]

Sorry, I found this thing in how it is serializing into byte[] prior to encrypting. Can we have an E2E test showing that this works? Also, I think we should wrap this as a experimental feature.

I added a test to ensure base64 values get encrypted and decrypted successfully.

[mukundansundar]

I agree with Artur on this, since we are modifying one of the most basic features of Dapr, we need to have an E2E for it for sure as well as wrap it in a feature flag as experimental for the first release and then later release it completely.

[artursouza]

nit: please, use this enum instead:

dapr/pkg/config/configuration.go

Line 40 in a30488d

PubSubRouting Feature = "PubSub.Routing"

[artursouza]

Also, name it State.Encryption.

[yaron2]

That's the first time I see the "centralized" list.. it's mostly an anti-pattern in Go as packages are expected to be self-governed and all encompassing, also test dependencies or 3rd parties wanting to use the feature names now need to pull the dependencies of configuration. I made that change for now but will probably open an issue to disperse these among their respective packages.