Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hide encryption key fetching behind an interface #3304

Closed
dmjb opened this issue May 10, 2024 · 0 comments · Fixed by #3329 or #3335
Closed

Hide encryption key fetching behind an interface #3304

dmjb opened this issue May 10, 2024 · 0 comments · Fixed by #3329 or #3335
Assignees
@dmjb
Labels
user-story

Comments

@dmjb
Copy link
Member

dmjb commented May 10, 2024

Please describe the enhancement

Place encryption key retrieval behind an interface so that we can create multiple retrieval mechanisms, and select one based on configuration. For example, we may want a secret store which reads straight from a secrets manager instead of reading off disk.

Solution Proposal

Create interface for key retrieval.

Describe alternatives you've considered

No response

Additional context

No response

Acceptance Criteria

No response
dmjb added a commit that referenced this issue May 14, 2024
@dmjb
Initial KeyStore implementation
9fa389f 
Relates to #3304

Implement an interface which hides the specifics of loading an
encryption key. This allows us to use a secret store or a key store
directly in future.

Right now, the implementation uses a single key loaded from the config.
In my next PR, I will generalize it to support multiple keys. This will
require a new config structure.
@dmjb dmjb mentioned this issue May 14, 2024
Merged
10 tasks
@evankanderson evankanderson linked a pull request May 14, 2024 that will close this issue
Initial KeyStore implementation #3329
Merged
10 tasks
dmjb added a commit that referenced this issue May 14, 2024
@dmjb
Initial KeyStore implementation (#3329)
e7f9914 
Relates to #3304

Implement an interface which hides the specifics of loading an
encryption key. This allows us to use a secret store or a key store
directly in future.

Right now, the implementation uses a single key loaded from the config.
In my next PR, I will generalize it to support multiple keys. This will
require a new config structure.
@dmjb dmjb reopened this May 15, 2024
dmjb added a commit that referenced this issue May 15, 2024
@dmjb
Allow KeyStore to be configured with multiple keys
a6634f5 
Fixes #3304

Add a new configuration structure for encryption keys. This allows a
default key and algorithm to be specified, along with fallbacks. A
backwards compatibility mechanism is provided which will allow the
keystore to work with the existing configuration structure.
@dmjb dmjb mentioned this issue May 15, 2024
Merged
10 tasks
dmjb added a commit that referenced this issue May 16, 2024
@dmjb
Allow KeyStore to be configured with multiple keys (#3335)
686930a 
Fixes #3304

Add a new configuration structure for encryption keys. This allows a
default key and algorithm to be specified, along with fallbacks. A
backwards compatibility mechanism is provided which will allow the
keystore to work with the existing configuration structure.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmjb dmjb

Labels
user-story
Projects
None yet
Milestone
No milestone
1 participant
@dmjb