Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: initial cloak implementation #2163

Merged
merged 21 commits into from
Aug 7, 2024
Merged

feat: initial cloak implementation #2163

merged 21 commits into from
Aug 7, 2024

Conversation

Ziinc
Copy link
Contributor

@Ziinc Ziinc commented Aug 2, 2024

This PR adds in initial cloak implementation for encryption at rest.
Adds in a new env var that is required LOGFLARE_DB_ENCRYPTION_KEY, and for key rotation the env var is LOGFLARE_DB_ENCRYPTION_KEY_RETIRED.

Only backend config is encrypted for now.

Migration is non-destructive, this version should only add the new column :config_encrypted

Pre-merge todos:

  • manual verification of secrets rolling
  • manual verification of config column migration
  • create PR for config column removal, v 1.8.1
  • add encryption key for all envs

@Ziinc Ziinc force-pushed the feat/cloak-encryption branch from f904076 to 3f8233b Compare August 2, 2024 19:26
Copy link

@staaldraad staaldraad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just some questions and a possible change, but nothing blocking

lib/logflare/vault.ex Outdated Show resolved Hide resolved
lib/logflare/vault.ex Outdated Show resolved Hide resolved
@Ziinc Ziinc force-pushed the feat/cloak-encryption branch from aba1509 to b710426 Compare August 7, 2024 15:26
@Ziinc Ziinc merged commit b1b2613 into main Aug 7, 2024
8 checks passed
@Ziinc Ziinc deleted the feat/cloak-encryption branch August 7, 2024 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants