Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/envelope pgp #1547

Merged
merged 24 commits into from
Sep 8, 2023
Merged

Feature/envelope pgp #1547

merged 24 commits into from
Sep 8, 2023

Conversation

Alviner
Copy link
Contributor

@Alviner Alviner commented Sep 5, 2023
edited

Database name

Enveloped gpg via yckms was added to WAL mondo/pg/sqlserver

Pull request description

Use Envelope encryption on gpg keys to stop storing the original gpg (dek key) in the system and make possible a painless gpg key rotation.

TBD:

  • clean configure to prevent setting both gpg and encrypted gpg

  • make ttl cache on yckms enveloper

  • make stale cache on yckms envelope

  • docs

  • try to setup yckms mock) it use aws local kms use http(

Alviner
Alviner commented Sep 5, 2023
View reviewed changes
internal/crypto/envelope/enveloper.go

import "io"

//go:generate mockery --name Enveloper --with-expecter=true
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no standart mock gen in project.
Should we make an issue in backlog for that?

Copy link
Member

@usernamedt usernamedt Sep 6, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, the current zoo of mock generators is confusing and needs to be fixed eventually. Would appreciate an issue addressing this.

@Alviner Alviner marked this pull request as ready for review September 5, 2023 15:13
@Alviner Alviner requested a review from a team as a code owner September 5, 2023 15:13
Alviner
Alviner commented Sep 6, 2023
View reviewed changes
internal/configure.go Outdated Show resolved Hide resolved
usernamedt
usernamedt requested changes Sep 6, 2023
View reviewed changes
internal/configure.go Outdated Show resolved Hide resolved
internal/configure.go Show resolved Hide resolved
internal/configure.go Outdated Show resolved Hide resolved
internal/crypto/envelope/enveloper.go Outdated Show resolved Hide resolved
internal/crypto/envelope/enveloper/yckms/enveloper.go Outdated Show resolved Hide resolved
usernamedt
usernamedt requested changes Sep 7, 2023
View reviewed changes
internal/config.go Outdated Show resolved Hide resolved
@usernamedt usernamedt merged commit c20716f into wal-g:master Sep 8, 2023
70 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@usernamedt usernamedt usernamedt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Alviner @usernamedt