[USERSTORY] expand support to multiple KMS providers #5

Closed
romdalf opened this issue Oct 25, 2021 · 3 comments
romdalf commented Oct 25, 2021

Is it linked to a user story? (use the "#" to tag the user story)
#2 #3 #4

What do we want to build?
A universal KMS provider plugin for Kubernetes (see https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/ for more details).

Why do we want to build it?
To provide a Kubernetes native way to handle secrets, new and existing, without the need to deploy heavy components.

How do we want to design it?

  • simple, light, and respectful of the Kubernetes KMS provider definition (see https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/).
  • based on the encryption envelope scheme mechanism
  • should be transparent for the users
  • a first version would support HashiCorp Vault as KMS to store the key used for encryption/decryption
  • a first version would support self-hosted Kubernetes due to the need to restart the kube-apiserver with specific parameter "--encryption-provider-config"
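
For reference, this is the kind of file the `--encryption-provider-config` flag mentioned above points at. It is an added example, not part of the original issue or the project's own configuration; the plugin name and socket path are placeholders, and the layout follows the Kubernetes KMS v1 provider format.

```yaml
# Added example: file passed to kube-apiserver via --encryption-provider-config.
# The plugin name and socket path below are placeholders (assumptions),
# not values taken from this project.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # The first provider is the one used for writes. The API server
      # generates a data encryption key (DEK) for the object, encrypts the
      # secret with it, and sends the DEK over the unix socket to the KMS
      # plugin, which wraps it with the key held in the external KMS
      # (envelope encryption). Only the wrapped DEK and ciphertext reach etcd.
      - kms:
          name: example-kms-plugin                   # placeholder
          endpoint: unix:///path/to/kms-plugin.sock  # placeholder
          cachesize: 1000   # number of decrypted DEKs cached by the API server
          timeout: 3s       # per-call timeout when talking to the plugin
      # The last provider lets the API server keep reading secrets that were
      # stored in plaintext before encryption was enabled. Those objects stay
      # unencrypted in etcd until each one is written again.
      - identity: {}
```

Provider order matters: placing `identity` first would leave new secrets unencrypted, and removing it before existing secrets are rewritten makes those secrets unreadable to the API server.
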
@romdalf romdalf changed the title [TASK] [USERSTORY] universal KMS provider Oct 25, 2021
@romdalf romdalf linked a pull request Nov 28, 2021 that will close this issue
@romdalf romdalf removed a link to a pull request Nov 28, 2021
@cannischan cannischan moved this to Todo in Trousseau Feb 23, 2022
@romdalf romdalf added enhancement New feature or request help wanted Extra attention is needed labels Mar 6, 2022
@romdalf romdalf changed the title [USERSTORY] universal KMS provider [USERSTORY] expand support to multiple KMS providers Mar 7, 2022
@cannischan

Review https://github.com/mozilla/sops to look at how to expand platform support


cannischan commented Mar 7, 2022

  • Draw architectural diagram @rovandep
  • Estimate effort for Google KMS - prioritised
  • Estimate effort for AWS - next item

@cannischan cannischan moved this from Todo to In Progress in Trousseau Mar 7, 2022
@mhmxs mhmxs self-assigned this Jun 7, 2022

romdalf commented Jun 12, 2022

This user story has been the subject of our design meeting for v2 on Thursday, June 9th 2022, leading to the following milestone: https://github.com/ondat/trousseau/milestone/2

See: #50 for up-to-date details

@romdalf romdalf closed this as completed Jun 12, 2022
Repository owner moved this from In Progress to Done in Trousseau Jun 12, 2022
@romdalf romdalf removed this from the KMS Pluging Redesign - Trousseau v2 milestone Jun 12, 2022
@romdalf romdalf removed this from Trousseau Jun 14, 2022