Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(security): multiple encryption options, API tokens, easier setup #125

Merged
merged 9 commits into from
Jan 26, 2024
Merged

feat(security): multiple encryption options, API tokens, easier setup #125

merged 9 commits into from
Jan 26, 2024

Conversation

abelanger5
Copy link
Contributor

This PR adds the following features:

  1. Encryption options using the Tink cryptographic library.
    a. Local master key passed in as an environment variable. This can be generated via hatchet-admin keyset create-master.
    b. CloudKMS-backed master key. This can be generated on CloudKMS by following the instructions in CONTRIBUTING.md.
    c. Local JWT signing and verification keys can be generated via hatchet-admin keyset create-local-jwt (unencrypted and passed in as env var) or hatchet-admin keyset create-cloudkms-jwt (encrypted and passed in as env var).

  2. API tokens which can be generated from the settings page in the platform. They should be used by SDKs by setting HATCHET_CLIENT_TOKEN.

More docs to come.

@vercel Vercel
Copy link

vercel bot commented Jan 26, 2024
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
hatchet ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jan 26, 2024 8:27pm

abelanger5
abelanger5 commented Jan 26, 2024
View reviewed changes
CONTRIBUTING.md Show resolved Hide resolved
api/v1/server/authn/middleware.go Outdated Show resolved Hide resolved
api/v1/server/authz/middleware.go Outdated Show resolved Hide resolved
api/v1/server/handlers/api-tokens/list.go Outdated Show resolved Hide resolved
api/v1/server/authz/middleware.go Show resolved Hide resolved
prisma/schema.prisma Show resolved Hide resolved
internal/encryption/envelope.go Outdated Show resolved Hide resolved
internal/encryption/cloudkms_test.go Outdated Show resolved Hide resolved
internal/auth/token/token.go Outdated Show resolved Hide resolved
internal/auth/token/token.go Outdated Show resolved Hide resolved
grutt
grutt approved these changes Jan 26, 2024
View reviewed changes
Copy link
Contributor

@grutt grutt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, minor comments

api/v1/server/authn/middleware.go Show resolved Hide resolved
api/v1/server/authn/middleware.go Show resolved Hide resolved
api/v1/server/authn/middleware.go Outdated Show resolved Hide resolved
api/v1/server/handlers/api-tokens/revoke.go Outdated Show resolved Hide resolved
api/v1/server/handlers/api-tokens/list.go Outdated Show resolved Hide resolved
internal/config/loader/loader.go Show resolved Hide resolved
hack/dev/generate-dev-api-token.sh Show resolved Hide resolved
internal/repository/prisma/dbsqlc/schema.sql Show resolved Hide resolved
internal/services/grpc/middleware/auth.go Show resolved Hide resolved
python-client/hatchet_sdk/events_pb2_grpc.py Outdated Show resolved Hide resolved
@abelanger5 abelanger5 merged commit 78685d0 into main Jan 26, 2024
15 checks passed
@abelanger5 abelanger5 deleted the belanger/encryption branch January 26, 2024 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grutt grutt grutt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@abelanger5 @grutt