Secrets encryption from CLI #141
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
revanth0212
requested changes
Jun 20, 2024
src/commands/api-mesh/create.js
Outdated
Comment on lines
116
to
117
| const publicKey = await getPublicEncryptionKey(imsOrgCode); | ||
| const secretsData = await interpolateSecrets(secretsFilePath, this); |
There was a problem hiding this comment.
Suggested change
| const publicKey = await getPublicEncryptionKey(imsOrgCode); | |
| const secretsData = await interpolateSecrets(secretsFilePath, this); | |
| const secretsData = await interpolateSecrets(secretsFilePath, this); | |
| const publicKey = await getPublicEncryptionKey(imsOrgCode); |
I woluld switch them because if interpolateSecrets failed due to any error, there wont be any use for the publicKey. Lets avoid unnecessary fetches where possible.
There was a problem hiding this comment.
Done, addressed in latest commit
src/commands/api-mesh/update.js
Outdated
Comment on lines
122
to
123
| const publicKey = await getPublicEncryptionKey(imsOrgCode); | ||
| const secretsData = await interpolateSecrets(secretsFilePath, this); |
There was a problem hiding this comment.
Suggested change
| const publicKey = await getPublicEncryptionKey(imsOrgCode); | |
| const secretsData = await interpolateSecrets(secretsFilePath, this); | |
| const secretsData = await interpolateSecrets(secretsFilePath, this); | |
| const publicKey = await getPublicEncryptionKey(imsOrgCode); |
Same as before
There was a problem hiding this comment.
Done, addressed in latest commit
src/utils.js
Outdated
| * @param publicKey Public key for (AES + RSA) encryption | ||
| * @param secrets Secrets Data that needs encryption | ||
| */ | ||
| async function encryptSecret(publicKey, secrets) { |
There was a problem hiding this comment.
Suggested change
| async function encryptSecret(publicKey, secrets) { | |
| async function encryptSecrets(publicKey, secrets) { |
There was a problem hiding this comment.
Done, addressed in latest commit
src/utils.js
Outdated
| async function encryptSecret(publicKey, secrets) { | ||
| if (!publicKey || typeof publicKey !== 'string' || !publicKey.trim()) { | ||
| throw new Error( | ||
| chalk.red('Something went wrong in secerts encryption. Invalid publicKey provided.'), |
There was a problem hiding this comment.
Suggested change
| chalk.red('Something went wrong in secerts encryption. Invalid publicKey provided.'), | |
| chalk.red('Unable to encrypt secerts. Invalid Public Key.'), |
There was a problem hiding this comment.
Done, addressed in latest commit
src/utils.js
Outdated
Comment on lines
532
to
533
| logger.error('Error generating AES key, IV OR encryption package:', error.message); | ||
| throw new Error(chalk.red(`Failed to generate encryption parameters. Please try again.`)); |
There was a problem hiding this comment.
Suggested change
| logger.error('Error generating AES key, IV OR encryption package:', error.message); | |
| throw new Error(chalk.red(`Failed to generate encryption parameters. Please try again.`)); | |
| logger.error('Unable to encrypt secrets. Please try again. :', error.message); | |
| throw new Error(`Unable to encrypt secerts. ${error.message}`); |
There was a problem hiding this comment.
Done, addressed in latest commit
src/lib/devConsole.js
Outdated
Comment on lines
1007
to
1009
| let errorMessage = `Failed to load encryption keys. Please contact support.`; | ||
| logger.error(`${errorMessage}. Received ${response.status} response instead of 200`); | ||
| throw new Error(chalk.red(errorMessage)); |
There was a problem hiding this comment.
Suggested change
| let errorMessage = `Failed to load encryption keys. Please contact support.`; | |
| logger.error(`${errorMessage}. Received ${response.status} response instead of 200`); | |
| throw new Error(chalk.red(errorMessage)); | |
| let errorMessage = `Failed to load encryption keys. Please contact support.`; | |
| logger.error(`${errorMessage}. Received ${response.status}, expected 200`); | |
| throw new Error(chalk.red(errorMessage)); |
There was a problem hiding this comment.
Done, addressed in latest commit
src/lib/devConsole.js
Outdated
| throw new Error(chalk.red(errorMessage)); | ||
| } | ||
| } catch (error) { | ||
| let errorMessage = `Something went wrong in secerts encryption. Please try after some time.`; |
There was a problem hiding this comment.
Suggested change
| let errorMessage = `Something went wrong in secerts encryption. Please try after some time.`; | |
| let errorMessage = `Something went wrong while encrypting secrets. Please try again.`; |
There was a problem hiding this comment.
Done, addressed in latest commit
revanth0212
approved these changes
Jun 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR is to encrypt secrets data from CLI. Whenever a
createORupdatecommand will be executed with--secretsfollowed by a secrets yaml file, we need to encrypt the secrets data before sending it over.Related Issue
https://jira.corp.adobe.com/browse/CEXT-3188
(point 3)
Motivation and Context
This change is required for secrets encryption.
How Has This Been Tested?
aio plugins link . in this PR branch, make sure the endpoint returns the public key
aio api-mesh create mesh.json --secrets mysecrets.yaml
aio api-mesh update mesh.json --secrets mysecrets.yaml
Screenshots (if appropriate):
Types of changes
Checklist: