Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support pre-defined sets of keys #150

Open
akhon opened this issue Apr 12, 2019 · 3 comments
Open

Support pre-defined sets of keys #150

akhon opened this issue Apr 12, 2019 · 3 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@akhon
Copy link
Contributor

akhon commented Apr 12, 2019

We have to use predefined sets of keys to encrypt/decrypt secrets to get keys control hardened.
So, would be awesome to use full arn (we use AWS KMS) sets of keys in values and not create new ones
@omerlh
Copy link
Contributor

omerlh commented Apr 13, 2019

Interesting. We can support this, but this will make the encryption weaker - currently, there is one key per service account/namespace combination. How would you imagine this setup? Having a static mapping of service accounts/namespace to ARNs?

@akhon
Copy link
Contributor Author

akhon commented Apr 15, 2019

Having a static mapping of service accounts/namespace to ARNs?

yep, that would be a good starting point, or might be like this: use default KMS key + static mapping of namespaces-keys

@omerlh
Copy link
Contributor

omerlh commented Apr 15, 2019

Interesting feature. A PR will be appreciated here :)

@omerlh omerlh added enhancement New feature or request help wanted Extra attention is needed labels Apr 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akhon @omerlh