Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Track barrier encryptions and rotate when an operation threshold or time limit is reached. #10774

Closed
wants to merge 35 commits into from
Closed

Track barrier encryptions and rotate when an operation threshold or time limit is reached. #10774

wants to merge 35 commits into from
+602 −171

Conversation

sgmiller
Copy link
Collaborator

One note on the design here: Checking when to rotate is done as encryptions
happen, to avoid needing a goroutine whose lifecycle we'd need to manage.
But as a result, this requires the AESGCMBarrier have access to the random
generator. I did this via a factory pattern, but it's in contrast to the
existing SecurityBarrier interface which passes in the random reader to all
calls that need it.

@vercel
Copy link

vercel bot commented Jan 26, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.

vault-storybook – ./ui

🔍 Inspect: https://vercel.com/hashicorp/vault-storybook/kb61e5yrg
✅ Preview: Canceled

[Deployment for 9779f47 canceled]

@sgmiller sgmiller changed the base branch from master to barrier_aes_rotation_config January 26, 2021 16:17
@sgmiller sgmiller changed the base branch from barrier_aes_rotation_config to master January 26, 2021 16:18
@sgmiller sgmiller added this to the 1.7 milestone Jan 26, 2021
HridoyRoy
HridoyRoy suggested changes Jan 28, 2021
View reviewed changes
internalshared/configutil/barrier.go Outdated Show resolved Hide resolved
internalshared/configutil/barrier.go Outdated Show resolved Hide resolved
vault/barrier_aes_gcm.go Outdated Show resolved Hide resolved
vault/barrier_aes_gcm.go Outdated Show resolved Hide resolved
vault/barrier_aes_gcm.go Outdated Show resolved Hide resolved
@vercel vercel bot temporarily deployed to Preview – vault January 28, 2021 14:15 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook January 28, 2021 14:15 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 1, 2021 16:46 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 1, 2021 16:46 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 2, 2021 17:57 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 2, 2021 17:57 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 2, 2021 18:42 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 2, 2021 18:42 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 2, 2021 18:45 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 2, 2021 18:45 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 2, 2021 18:49 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 2, 2021 18:49 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 2, 2021 21:08 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 2, 2021 21:08 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 4, 2021 16:59 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 4, 2021 16:59 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 4, 2021 17:15 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 4, 2021 17:15 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 4, 2021 19:28 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 4, 2021 19:28 Inactive
@vercel vercel bot temporarily deployed to Preview – vault February 4, 2021 21:26 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook February 4, 2021 21:26 Inactive
@sgmiller
Copy link
Collaborator Author

sgmiller commented Feb 9, 2021

Just a note to review this on the ENT branch. This will be updated with the OSS portions after review feedback/change iteration.

@sgmiller sgmiller closed this Mar 3, 2021
@sgmiller sgmiller deleted the barrier_aes_encryption_tracking branch March 3, 2021 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HridoyRoy HridoyRoy HridoyRoy requested changes

@briankassouf briankassouf Awaiting requested review from briankassouf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.7
Development

Successfully merging this pull request may close these issues.
2 participants
@sgmiller @HridoyRoy