Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

control-plane: introduce a concept of SecretStore #138

Merged
merged 2 commits into from
Sep 4, 2019
Merged

control-plane: introduce a concept of SecretStore #138

merged 2 commits into from
Sep 4, 2019

Conversation

yskopets
Copy link
Contributor

@yskopets yskopets commented Sep 2, 2019
edited

motivation:

  • in order to implement "Builtin CA", we need to be able to persist secrets, such as "Root CA Key"

changes:

  • add SecretResource (should NOT be accessible via REST API)
  • add SecretStore abstraction
  • add k8s-specific implementation of SecretStore - to persist data in k8s Secrets
  • add universal implementation of SecretStore - to persist data in the underlying ResourceStore
  • add SecretManager abstraction - to encrypt data before saving them to SecretStore - to be used in universal mode with Postgres store
  • no actual encryption yet

@yskopets yskopets added this to the 0.1 milestone Sep 2, 2019
jakubdyszkiewicz
jakubdyszkiewicz reviewed Sep 2, 2019
View reviewed changes
components/konvoy-control-plane/pkg/core/secrets/model/secret.go Outdated
)

type Secret = core_system.SecretResource
type SecretList = core_system.SecretResourceList
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need aliases here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

aliases have been removed

components/konvoy-control-plane/pkg/core/secrets/manager/manager.go Outdated
}

func (s *secretManager) encrypt(secret *secret_model.Secret) error {
if 0 < len(secret.Spec.Value) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

super-nitpicking-and-question-about-style:
Why

if 0 < len(secret.Spec.Value)

and not

if len(secret.Spec.Value) > 0

The latter is more natural to me with former I need to stretch my brain just a tiny bit.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

replaced with if len(secret.Spec.Value) > 0

components/konvoy-control-plane/pkg/core/secrets/cryptor/cryptor.go Outdated
@@ -0,0 +1,14 @@
package cryptor

type Cryptor interface {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about Cipher? I think it's more appropriate name. I googled Cryptor and it seems not be used that much.
https://encyclopedia.kaspersky.com/glossary/cryptor/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

renamed into Cipher

@yskopets yskopets changed the base branch from feature/mtls-builtin-ca to master September 4, 2019 21:36
@yskopets yskopets merged commit ccc496e into master Sep 4, 2019
@yskopets yskopets deleted the feature/add-secret-store branch September 8, 2019 01:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.1
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@yskopets @jakubdyszkiewicz