New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Transparent encryption and decryption for all tables that contain secrets or tokens #14214
Conversation
…e unit tests exist
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
This allow for types that can decrypt and encrypt themselves. However, it causes an issue with what encryptor to use
Co-authored-by: Asdine El Hrychy <asdine.elhrychy@gmail.com>
Ensuring the new types honour ConfiguredToEncrypt so that they can transparently encrypt and decrypt in the future.
…/encoding # Conflicts: # internal/secret/encryptor.go # internal/secret/encryptor_test.go # internal/secret/init.go
…/encoding # Conflicts: # internal/secret/scanner.go # internal/secret/scanner_test.go # migrations/frontend/bindata.go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me but I feel like the boilerplate needed to encrypt a single field is still a bit too big.
We could leverage the fact that the encryption functions are available from everywhere to try to make it as transparent as possible. I have proposed a lead in a comment but not sure if that's enough
…/encoding # Conflicts: # migrations/frontend/bindata.go
Codecov Report
@@ Coverage Diff @@
## main #14214 +/- ##
==========================================
- Coverage 52.08% 51.74% -0.34%
==========================================
Files 1536 1536
Lines 78644 77819 -825
Branches 7024 6939 -85
==========================================
- Hits 40958 40266 -692
+ Misses 33986 33925 -61
+ Partials 3700 3628 -72
|
Since no real encryption is in place yet, there will be no harm to data if any application code behaves unexpected. Merging as-is and happy to address any post-merge comments! |
Encrypts and decrypts secrets columns in our database transparently.
Notes:
event_logs.argument
is left out, see discussions in Slack.repo.metadata
is not encrypted because we normalized most of its value and decided not worth encrypting.Co-authored-by: Dax McDonald 31839142+daxmc99@users.noreply.github.com