Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Satellite-managed encryption passphrase: Backend updates #6915

Open
Tracked by #6912
mobyvb opened this issue Apr 17, 2024 · 2 comments
Open
Tracked by #6912

Satellite-managed encryption passphrase: Backend updates #6915

mobyvb opened this issue Apr 17, 2024 · 2 comments
Assignees
@wilfred-asomanii

Comments

@mobyvb
Copy link
Member

mobyvb commented Apr 17, 2024
edited

Support creating these types of projects via API if config is enabled

Use KMS credentials to request master key from KMS

  • ensure there is an easy way to test in storj-up/testing environments even without a dedicated KMS

If a new "satellite-managed encryption" project is created:

  • generate a cryptographically random passphrase
  • encrypt this passphrase into projects.passphrase_enc, using the master key from the KMS
  • set projects.path_encryption to true
@mobyvb mobyvb mentioned this issue Apr 17, 2024
Open
@mobyvb mobyvb changed the title Backend updates for satellite-managed encryption passphrase - support creating these types of projects via API if config is enabled (including creating and storing random encrypted passphrase in DB) Satellite-managed encryption passphrase: Backend updates Apr 17, 2024
@mobyvb mobyvb added the Needs Estimation Issue still needs story pointing label Apr 17, 2024
@NiaStorj NiaStorj removed the Needs Estimation Issue still needs story pointing label Apr 18, 2024
@wilfred-asomanii wilfred-asomanii self-assigned this Apr 24, 2024
@storj-gerrit
Copy link

storj-gerrit bot commented Apr 24, 2024

Change satellite/{console,kms}: add setup for kms mentions this issue.

@storj-gerrit
Copy link

storj-gerrit bot commented Apr 26, 2024

Change satellite/{console,db}: create satellite managed encryption projects mentions this issue.

storjBuildBot pushed a commit that referenced this issue May 22, 2024
@wilfred-asomanii
satellite/{console,kms}: add setup for kms
e5e626a 
Add config values for enabling satellite managed encryption and setting
the master key version to fetch from Google secret manager. It adds a
mock Google secret manager client to ensure the key management service
can work without it.

Issue: #6914
Related: #6915

Change-Id: I3c8116291f7794100ab8c27737de59e75913c8e4
storjBuildBot pushed a commit that referenced this issue May 22, 2024
@wilfred-asomanii
satellite/{console,db}: create satellite managed encryption projects
211e27f 
This change allows for projects to be created with satellite managed encryption enabled.

Issue: #6915

Change-Id: I2675d23d2aa58b3c2b80ade36a9bee5466d8a2e4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wilfred-asomanii wilfred-asomanii

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mobyvb @wilfred-asomanii @NiaStorj