add OpenBao as key provider for state encryption #1436
Signed-off-by: ollevche <ollevche@gmail.com>
Reminder for the PR assignee: If this is a user-visible change, please update the changelog as part of the PR.
LGTM
Nice one!
I'd like for Janos to have a final look at this before merging, please.
Great work, just lots of tiny nit-picks! Thanks for this!
a0a1d1e to 7316f84
Thank you for all the fixes!
Note: we need to update the links in docs once the OpenBao website is up and running. Created an issue in OpenBao: openbao/openbao#262
I don't think my comments about key and paths are worth holding up this PR over, looks good @ollevche! Looking forward to this feature and thanks for the collaboration :-D
Description
This PR adds a new key provider implementation backed by OpenBao (part of #1174).
The implementation is based on Transit Secret Engine: GenerateDataKey and Decrypt API endpoints.
Documentation will be added as another PR.
Here is how user-facing key_provider block looks like:
I tested it manually and ran compliance tests against OpenBao, Vault, and internal mock.
Update
- data_key_bit_size (bits) changed to key_length (bytes)
- transit_engine_path field
Target Release
1.7.0
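
How the two Transit operations named in the description can combine into an envelope-encryption key provider, as an added Go example that is not code from this PR or from OpenTofu. The `Transit` interface, `Provide`, `fakeTransit` and the key name `state-key` are hypothetical, and the example assumes the wrapped key is kept as metadata beside the encrypted state and a fresh data key is requested for every write.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// Transit is a hypothetical Go view of the two Transit operations the description names.
type Transit interface {
	GenerateDataKey(name string, bits int) (plain, wrapped []byte, err error)
	Decrypt(name string, wrapped []byte) ([]byte, error)
}

// Provide returns the next write key, the key for stored state (nil at first use) and new metadata.
func Provide(t Transit, name string, keyLength int, meta []byte) (enc, dec, newMeta []byte, err error) {
	if meta != nil {
		if dec, err = t.Decrypt(name, meta); err != nil {
			return nil, nil, nil, err
		}
	}
	enc, newMeta, err = t.GenerateDataKey(name, keyLength*8) // length is in bytes, the API takes bits
	if err == nil && len(enc) != keyLength {
		err = fmt.Errorf("data key is %d bytes, want %d", len(enc), keyLength)
	}
	return enc, dec, newMeta, err
}

// fakeTransit is a constructed in-memory stand-in that files each key under an opaque handle.
type fakeTransit map[string][]byte
func (f fakeTransit) GenerateDataKey(_ string, bits int) ([]byte, []byte, error) {
	key := make([]byte, bits/8)
	_, err := rand.Read(key)
	handle := fmt.Sprintf("wrapped-key-%d", len(f))
	f[handle] = key
	return key, []byte(handle), err
}

func (f fakeTransit) Decrypt(_ string, wrapped []byte) ([]byte, error) {
	if key, ok := f[string(wrapped)]; ok {
		return key, nil
	}
	return nil, fmt.Errorf("cannot decrypt %q", wrapped)
}

func main() {
	bao := fakeTransit{}
	enc1, dec1, meta1, _ := Provide(bao, "state-key", 32, nil) // first run: nothing to read yet
	enc2, dec2, _, _ := Provide(bao, "state-key", 32, meta1)   // later run: read old, write new
	fmt.Println(dec1 == nil, string(dec2) == string(enc1), string(enc2) != string(enc1))
}
```

Only the wrapped key is persisted; the plaintext key exists in memory for one run, and metadata the server cannot unwrap makes `Provide` fail instead of returning a key.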