feature: change encryption keys #199
For a week or so I've been chipping away at this feature little by little. It uses the new memberlist keyring feature to allow Serf to handle encryption key changes in a running cluster. I feel like it's feature-complete, and ready to start gathering some suggestions on the code itself.
There is more conversation around the feature in general in #194.
The bottom line on what it does can be seen with a few command examples. All of the operations are idempotent, so you can just keep running them without negative consequences if they fail.
Install a new key:
Change the key used to encrypt messages:
List keys in use on the cluster:
Remove a key:
Error conditions during key operations:
I know this pull request is pretty massive, so if splitting it into smaller chunks is preferred, I can try doing that. Just let me know!
@ryanuber Wow! This is a huge PR! Awesome work! I will try to comb through this over the weekend.
My thinking was that if the commands are idempotent, you would just do a