encryption: support AWS KMS backend #7173

Merged
merged 18 commits into from Apr 5, 2020

overvenus
Member

What have you changed?

Use the AWS KMS service to encrypt and decrypt the key dict.

What is the type of the changes?

  • New feature (a change which adds functionality)

How is the PR tested?

  • Unit test

Does this PR affect documentation (docs) or should it be mentioned in the release notes?

Yes.

Does this PR affect tidb-ansible?

No.

Signed-off-by: Neil Shen <overvenus@gmail.com>
@overvenus overvenus added the component/security Component: Security label Mar 20, 2020
Contributor

@yiwu-arbug yiwu-arbug left a comment

LGTM. Merge with #7173 and we are good to go.

@yiwu-arbug
Contributor

/run-all-tests

@yiwu-arbug yiwu-arbug requested a review from hicqu April 1, 2020 04:42
@overvenus overvenus merged commit 4a6f588 into tikv:master Apr 5, 2020
@overvenus overvenus deleted the kms2 branch April 5, 2020 12:07
overvenus added a commit to overvenus/tikv that referenced this pull request Apr 15, 2020
* encryption: basic AWS KMS support

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: add encryption cli

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: generate master from KMS

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: refine encryption cli

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: add KMS vendor to metadata

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: upgrade rusoto_kms

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: use structopt instead of clap

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: add license header

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: use rusoto util to create KMS client

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: share common encryption backend between file and kms

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: attach ciphertext key to metadata

Signed-off-by: Neil Shen <overvenus@gmail.com>

* encryption: add kms config test

Signed-off-by: Neil Shen <overvenus@gmail.com>
c1ay pushed a commit to c1ay/tikv that referenced this pull request May 9, 2020