control-plane: introduce a concept of SecretStore #138
) | ||
|
||
type Secret = core_system.SecretResource | ||
type SecretList = core_system.SecretResourceList |
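Review bot: The two alias declarations, type Secret = core_system.SecretResource and type SecretList = core_system.SecretResourceList, carry no comment explaining why they exist. Because they are aliases (declared with =), Secret and core_system.SecretResource are the identical type, so the second name adds no type-level separation and makes it harder to search for every place a secret value is handled. Suggest using the core_system names directly, or adding a comment that states why the alias is needed.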
Why do we need aliases here?
aliases have been removed
} | ||
|
||
func (s *secretManager) encrypt(secret *secret_model.Secret) error { | ||
if 0 < len(secret.Spec.Value) { |
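Review bot: encrypt takes a *secret_model.Secret and returns only an error, so it appears to overwrite secret.Spec.Value in place, and nothing on the method says so. A caller that keeps using the same object after a save would then be holding ciphertext where it expects plaintext. Suggest a doc comment stating that the argument is mutated, or encrypting a copy. The length guard on the next line also deserves a one-line comment saying that an empty Spec.Value is stored as-is, so the decrypt path can apply the same rule.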
super-nitpicking-and-question-about-style:
Why if 0 < len(secret.Spec.Value) and not if len(secret.Spec.Value) > 0
The latter is more natural to me; with the former I need to stretch my brain just a tiny bit.
replaced with if len(secret.Spec.Value) > 0
@@ -0,0 +1,14 @@ | |||
package cryptor | |||
|
|||
type Cryptor interface { |
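Review bot: The exported interface declared at type Cryptor interface { has no doc comment; the line above it in this new file is blank. For an interface that protects secret values, the comment should state the contract every implementation must meet, for example whether the output is authenticated so that tampering is detected on decrypt, and whether an implementation is safe for concurrent use. Suggest adding that comment directly above the type declaration.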
How about Cipher? I think it's a more appropriate name. I googled Cryptor and it seems not to be used that much.
https://encyclopedia.kaspersky.com/glossary/cryptor/
renamed into Cipher
a233cfe to 83bcb7c
motivation:
changes:
- SecretResource (should NOT be accessible via REST API)
- SecretStore abstraction
- k8s-specific implementation of SecretStore - to persist data in k8s Secrets
- universal implementation of SecretStore - to persist data in the underlying ResourceStore
- SecretManager abstraction - to encrypt data before saving them to SecretStore - to be used in universal mode with Postgres store
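
The encrypt-before-save layering from the change list above, as an added example that is not code from this PR. SecretStore, SecretManager, NewSecretManager, Put and Get are hypothetical names, and AES-GCM with the secret name bound as associated data is this example's choice, not something the PR states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecretStore and SecretManager are hypothetical stand-ins, not the PR's types.
type SecretStore map[string][]byte // persists whatever bytes it is handed
type SecretManager struct{ store SecretStore; aead cipher.AEAD }

func NewSecretManager(key []byte, store SecretStore) (*SecretManager, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SecretManager{store, aead}, nil
}

func (m *SecretManager) Put(name string, value []byte) error {
	nonce := make([]byte, m.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// Stored form: nonce || ciphertext || tag, with the name as associated data.
	m.store[name] = m.aead.Seal(nonce, nonce, value, []byte(name))
	return nil
}

// Get fails if the stored bytes were modified or copied under another name.
func (m *SecretManager) Get(name string) ([]byte, error) {
	sealed, n := m.store[name], m.aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("secret missing or malformed")
	}
	return m.aead.Open(nil, sealed[:n], sealed[n:], []byte(name))
}

func main() {
	m, _ := NewSecretManager(make([]byte, 32), SecretStore{}) // constructed all-zero demo key
	fmt.Println(m.Put("db-password", []byte("s3cr3t")), len(m.store["db-password"]))
}
```

The store only ever sees the sealed bytes, so read access to the underlying database does not expose secret values without the key.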