Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOPS GPG Key Management #586

Closed
eak13 opened this issue Jun 22, 2021 · 2 comments
Closed

SOPS GPG Key Management #586

eak13 opened this issue Jun 22, 2021 · 2 comments
Assignees
@aodinokov
Labels
design needed New Design or Redesign required enhancement New feature or request
Milestone
v2.1

Comments

@eak13
Copy link

eak13 commented Jun 22, 2021

Problem description
We currently do not have a robust solution for storing & managing the SOPS GPG keys that are used for encryption & decryption within Airship. Current downstream implementations involve generating & storing secrets through Jenkins pipelines and are less than ideal.

Proposed change
Define an integration solution to provide GPG key management. It should be a system that provides certain capabilities like secure key storage, role based access control (RBAC), key distribution, mutating admission control and/or controller that injects keys as needed.

One of the main options include Vault:
https://www.vaultproject.io/docs/platform/k8s
https://github.com/hashicorp/vault-k8s

While this issue may also be used to implement, the main purpose is to provide the design & approach for GPG key management.

Potential impacts
Need to ensure that encryption keys are securely stored and only accessible by authorized personnel.
@eak13 eak13 added enhancement New feature or request triage Needs evaluation by project members design needed New Design or Redesign required labels Jun 22, 2021
@eak13 eak13 added this to the Future milestone Jun 22, 2021
@jezogwza jezogwza removed the triage Needs evaluation by project members label Jun 23, 2021
@jezogwza jezogwza modified the milestones: Future, v2.1 Jul 7, 2021
@aodinokov
Copy link

I can work on it

@aodinokov
Copy link

I've demonstrated the approach on the design call. now this PR is ready for review: https://review.opendev.org/c/airship/airshipctl/+/806992

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aodinokov aodinokov

Labels
design needed New Design or Redesign required enhancement New feature or request
Projects
None yet
Milestone
v2.1
Development

No branches or pull requests
3 participants
@aodinokov @eak13 @jezogwza