Skip to content

feat: implement age values encryption #1709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 68 commits into from
Sep 23, 2024
Merged

feat: implement age values encryption #1709

merged 68 commits into from
Sep 23, 2024

Conversation

@ferruhcihan
Copy link
Collaborator

@ferruhcihan ferruhcihan commented Sep 10, 2024
edited
Loading

Implements:

https://jira.linode.com/browse/APL-184

Guidelines:

https://collaborate.akamai.com/confluence/display/APL/Age

Description:

This PR implements age values encryption, adds age into the tools image and updates bootstrap.ts for age key generation.
Is paired with: linode/apl-console#432 and linode/apl-api#553

NB: Following items will be done after reviews and testing

  • Tools image with v2.5.0
  • update versions.yaml

Checklist

  • Architecture Design Records have been added as adr/*.md and appended to list in adr/_index.md, if applicable.
  • The values-schema.yaml file and test/** fixtures have been updated to reflect code changes, if applicable.
  • The OpenApi Schema from redkubes/otomi-api project is compatible with definitions from values-schema.yaml file, if applicable.
  • Helm releases are meeting otomi's baseline security policies, if applicable.
  • Helm chart and helmfile changes are tested against upgrade scenario, if applicable.

@ferruhcihan ferruhcihan mentioned this pull request Sep 10, 2024
Merged
@Ani1357 Ani1357 self-requested a review September 16, 2024 15:42
Ani1357
Ani1357 approved these changes Sep 16, 2024
View reviewed changes
Copy link
Contributor

@Ani1357 Ani1357 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested deploying branch with KMS enabled: ✅
Followed guideline for rotation AGE key: ✅

@merll
Copy link
Contributor

merll commented Sep 17, 2024

I have tested this also on a cluster initialized without any SOPS configuration. Maybe not a common use case, but also works well.

@merll merll self-requested a review September 17, 2024 13:55
@srodenhuis srodenhuis merged commit 20ced03 into main Sep 23, 2024
9 of 10 checks passed
@srodenhuis srodenhuis deleted the fc-feat-values-enc branch September 23, 2024 13:21
@ferruhcihan ferruhcihan mentioned this pull request Sep 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@merll merll merll approved these changes

@Ani1357 Ani1357 Ani1357 approved these changes

@j-zimnowoda j-zimnowoda Awaiting requested review from j-zimnowoda j-zimnowoda is a code owner

@CasLubbers CasLubbers Awaiting requested review from CasLubbers CasLubbers is a code owner

@srodenhuis srodenhuis Awaiting requested review from srodenhuis

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ferruhcihan @merll @Ani1357 @srodenhuis