Skip to content

Decrypting the user data on the cluster in an easier way #2162

Answered by jimmykarily
firstdorsal asked this question in Q&A
Discussion options

You must be logged in to vote

Thanks for clarifying this @firstdorsal . Since you are going to implement some part of it, one option would be to write your own version of the challenger: https://github.com/kairos-io/kcrypt-challenger/blob/main/pkg/challenger/challenger.go#L215

Basically you need to implement the 2 endpoints /postPass and getPass which are requested by the client. You may be able to get away with just implementing /getPass endpoint which is the first one the client tries to reach: https://github.com/kairos-io/kcrypt-challenger/blob/c42e66a9de78193479e4c15ab5178cb0a60d357f/cmd/discovery/client/client.go#L97

By doing this, you have full control over what the KMS does, how it stores the passphrase, whethe…

Replies: 1 comment 10 replies

Comment options

You must be logged in to vote
10 replies
@firstdorsal
Comment options

@jimmykarily
Comment options

Answer selected by firstdorsal
@firstdorsal
Comment options

@firstdorsal
Comment options

@jimmykarily
Comment options

@firstdorsal
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants