Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PBKDF2 passphrase key provider #1310

Merged
merged 16 commits into from
Mar 11, 2024
Merged

PBKDF2 passphrase key provider #1310

merged 16 commits into from
Mar 11, 2024

Conversation

janosdebugs
Copy link
Contributor

@janosdebugs janosdebugs commented Feb 26, 2024
edited

This PR adds the PBKDF2 passphrase key provider.

Resolves #1168

Target Release

1.7.0

@github-actions GitHub Actions
Copy link

Reminder for the PR assignee: If this is a user-visible change, please update the changelog as part of the PR.

@janosdebugs janosdebugs force-pushed the features/1168-key-provider-passphrase branch from d93c900 to 50b4c1f Compare February 26, 2024 19:16
@cam72cam cam72cam force-pushed the features/1168-key-provider-passphrase branch from 50b4c1f to 969d62c Compare March 7, 2024 18:15
@cam72cam cam72cam changed the base branch from main to aws_kms_prototype March 7, 2024 18:42
@cam72cam cam72cam force-pushed the features/1168-key-provider-passphrase branch from 1aec64c to 3309c17 Compare March 7, 2024 19:02
@cam72cam cam72cam marked this pull request as ready for review March 7, 2024 19:03
@cam72cam cam72cam requested a review from a team as a code owner March 7, 2024 19:03
@cam72cam cam72cam marked this pull request as draft March 7, 2024 19:03
Yantrio
Yantrio previously requested changes Mar 8, 2024
View reviewed changes
Copy link
Member

@Yantrio Yantrio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall, just a few nitpicks.

internal/command/meta_encryption.go Outdated Show resolved Hide resolved
internal/encryption/example_test.go Outdated Show resolved Hide resolved
internal/encryption/keyprovider/README.md Outdated Show resolved Hide resolved
internal/encryption/keyprovider/README.md Outdated Show resolved Hide resolved
internal/encryption/keyprovider/README.md Outdated Show resolved Hide resolved
internal/encryption/keyprovider/pbkdf2/README.md Outdated Show resolved Hide resolved
internal/encryption/keyprovider/pbkdf2/config.go Show resolved Hide resolved
internal/encryption/keyprovider/pbkdf2/config_fips.go Outdated Show resolved Hide resolved
internal/encryption/keyprovider/pbkdf2/config_test.go Show resolved Hide resolved
internal/encryption/keyprovider/pbkdf2/example_test.go Outdated Show resolved Hide resolved
@cam72cam cam72cam force-pushed the aws_kms_prototype branch 2 times, most recently from 3261170 to 8944e70 Compare March 8, 2024 12:56
janosdebugs and others added 9 commits March 8, 2024 14:15
@janosdebugs
Issue #1168: PBKDF2 passphrase provider
f146655 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
@cam72cam @janosdebugs
Cleanup pbkdf2 metadata processing
b33c770 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
@cam72cam @janosdebugs
Fix pbkdf2 example_test.go
43da4ec 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
@cam72cam @janosdebugs
Fix go imports
28b90c0 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
@janosdebugs
PBKDF2 tests and general key provider documentation
845fe6d 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs @Yantrio
Apply suggestions from code review
0c9cb9d 
Co-authored-by: James Humphries <jamesh@spacelift.io>
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Addressing code review comments
fc1d6d9 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Full test coverage
7731806 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Removed leftover aws_kms
35dc5d9 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs janosdebugs force-pushed the features/1168-key-provider-passphrase branch from c83c6b1 to 35dc5d9 Compare March 8, 2024 13:17
@janosdebugs
End-user documentation
2a95206 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs janosdebugs marked this pull request as ready for review March 8, 2024 13:57
@janosdebugs janosdebugs changed the base branch from aws_kms_prototype to main March 8, 2024 13:58
@janosdebugs janosdebugs requested review from Yantrio, a team and cam72cam March 8, 2024 13:59
@janosdebugs janosdebugs changed the title Fixes #1168: Passphrase key providers PBKDF2 passphrase key provider Mar 8, 2024
@janosdebugs
Removing the static key provider from the default registry
030bf26 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Fixed broken web-edited code
d2b263c 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Code consistency fix
54809c2 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs
Fixed encryption example
0a4c106 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
cube2222
cube2222 previously approved these changes Mar 8, 2024
View reviewed changes
Copy link
Collaborator

@cube2222 cube2222 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice one!

cam72cam
cam72cam previously approved these changes Mar 8, 2024
View reviewed changes
Yantrio
Yantrio previously approved these changes Mar 11, 2024
View reviewed changes
@janosdebugs
Added migration steps to encryption documentation
3b7b3c7 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs janosdebugs dismissed stale reviews from Yantrio, cam72cam, and cube2222 via 1b3507d March 11, 2024 13:14
@janosdebugs
Removed error message parenthesis
1b3507d 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
@janosdebugs janosdebugs merged commit a18e643 into main Mar 11, 2024
8 checks passed
@janosdebugs janosdebugs deleted the features/1168-key-provider-passphrase branch March 11, 2024 13:24
IgnorantSapient pushed a commit to IgnorantSapient/opentofu that referenced this pull request Apr 1, 2024
@janosdebugs @cam72cam
@Yantrio @IgnorantSapient
PBKDF2 passphrase key provider (opentofu#1310)
c549569 
Signed-off-by: Janos <86970079+janosdebugs@users.noreply.github.com>
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: Christian Mesh <christianmesh1@gmail.com>
Co-authored-by: James Humphries <jamesh@spacelift.io>
Signed-off-by: Ashwin Annamalai <4549937+IgnorantSapient@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cube2222 cube2222 cube2222 left review comments

@cam72cam cam72cam cam72cam approved these changes

@StephanHCB StephanHCB StephanHCB approved these changes

@Yantrio Yantrio Yantrio left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[State Encryption] Key providers (passphrase)
5 participants
@janosdebugs @Yantrio @cam72cam @cube2222 @StephanHCB