
App layer crypto codec #780

Open. Wants to merge 135 commits into base: main.
Conversation

hulto (Collaborator) commented Jun 13, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

  • Adds a custom codec to encrypt the gRPC protocol with XChaCha20-Poly1305
  • Derives a shared key between the server and client by using a Diffie-Hellman key exchange
  • Adds a secrets manager (GCP for prod, YAML file on disk for dev)
  • Stores the server private key in the secrets manager
  • Creates a more locked down service account for Cloud Run (roles/logging.logWriter, roles/monitoring.metricWriter, roles/cloudsql.client, and roles/secretmanager.secretAccessor@REALM_tavern_encryption_private_key)

TODO

  • Add secrets management interface
  • Add secrets impl as a file on disk for debug builds
  • Add GCP Secrets manager to Terraform
  • Add secrets impl in GCP HSM
  • Store crypto private key with secrets management interface
  • Prevent VSCode from throwing lint warnings about env!
  • Update docs
  • Cleanup

Which issue(s) this PR fixes:

Review thread on implants/lib/pb/src/xchacha.rs (outdated, resolved)

hulto (Collaborator, Author) commented Jul 12, 2024

An error (new to me) seems to occur intermittently. [image]

Hasn't been an issue the last four commits.
Could have been an issue in the github actions env the other day.
