Added AWS KMS support info #255

Merged
merged 4 commits into from
Aug 1, 2022
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,25 @@ weight: 10
Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


### HashiCorp Vault

`acra-addzone` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.
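Review bot: The AWS example under `--kms_credentials_path` puts a long-lived `secret_access_key` into a plaintext JSON file, and the text says nothing about protecting that file. Suggest adding a sentence after the example telling operators to make the file readable only by the account that runs the tool.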
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,25 @@ weight: 9
Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault

`acra-backup` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.
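Review bot: `### KMS` is added one level above the `#### HashiCorp Vault` heading that follows it in this file, so the Vault section will nest under KMS in the page outline instead of sitting beside it. Use `#### KMS` here, and in the other files of this PR where the neighbouring heading is `####`.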
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,34 @@ By default, certificate Distinguished Name is used as ClientID.
Output file is `configs/markdown_acra-keymaker.md`.
Works in a pair with `--dump_config`.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_key_policy=<policy>`

KMS usage key policy.
Supported key policies:
* `create` - create a key encryption key on KMS with name **acra_master_key** (***exit with code 1 if the key already exists***). Being used only with `generate_master_key` flag.

Default is `create`

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


### HashiCorp Vault

`acra-keymaker` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.
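Review bot: In the `--kms_key_policy` entry, the sentence "Being used only with `generate_master_key` flag" names the flag without its leading dashes, unlike every other flag in this section, and reads awkwardly. Suggest "Used only together with `--generate_master_key`." The exit-with-code-1 behaviour is wrapped in bold italics inside a parenthesis; a plain sentence of its own would be easier to find, since it is what an operator hits when the key already exists.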
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,24 @@ Since 0.91.0 `acra-keys` **`destroy`** doesn't support destroying keys and will

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault
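Review bot: The new `### KMS` section does not say which release introduced `--kms_type` and `--kms_credentials_path`, while this page already marks version-dependent behaviour (the hunk context starts with "Since 0.91.0"). Suggest adding the first version that supports these flags so readers on older builds can tell whether they apply.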

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,24 @@ weight: 4

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault
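Review bot: The `--kms_credentials_path` description, "A path to a file with KMS credentials JSON format.", is missing a preposition. Suggest "Path to a file with KMS credentials in JSON format." The same sentence is repeated in every file this PR touches.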

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,23 @@ weight: 2

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```

### HashiCorp Vault
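Review bot: The `--kms_credentials_path` entry does not say whether the flag is required once `--kms_type=aws` is set, or what happens when it is omitted. Please state that explicitly below the description, since it determines whether operators must keep a static key file on disk.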

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,24 @@ weight: 5

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault
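Review bot: `--kms_type` lists its supported values but not its default or the behaviour when the flag is absent. Suggest adding a "Default is ..." line under the list of types, in the same form the keymaker page uses for `--kms_key_policy`.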

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,24 @@ weight: 1

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault
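Review bot: The flag description calls the file "KMS credentials" while the line introducing the sample calls it "KMS config". Pick one term, for example "Example of KMS credentials file:", so it is clear that the JSON shown is the content of the file passed to `--kms_credentials_path`.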

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,24 @@ weight: 6

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault
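Review bot: This `### KMS` block is the same text the PR pastes into every other tool page, so any later change (a new KMS type, a new credential field) has to be made in each copy. Consider moving it into one shared snippet or page and linking to it from each tool, if the docs build supports includes.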

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,23 @@ weight: 3

Password to Redis database.

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```

#### HashiCorp Vault

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,26 @@ It expects symmetric key to decrypt keys from keystore from `ACRA_MASTER_KEY` e

Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


### HashiCorp Vault

* `--vault_connection_api_string=<url>`
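Review bot: The context just above this hunk says the tool expects the symmetric key from `ACRA_MASTER_KEY`, but the new `### KMS` section does not explain how `--kms_type` relates to that variable. Add a sentence stating what the KMS is used for here and whether `ACRA_MASTER_KEY` is still required when it is set.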
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,25 @@ weight: 11
Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


### HashiCorp Vault

* `--vault_connection_api_string=<url>`
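Review bot: The AWS sample shows three keys, `access_key_id`, `secret_access_key` and `region`, but the text does not say whether all of them are mandatory or whether other keys are accepted. A short key-by-key list under the sample would answer that, and pretty-printing the JSON over several lines would make it easier to read than the single-line form.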
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,25 @@ Rollback utility especially applicable in case of any DB rollback - keys re-gene
Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


### HashiCorp Vault

`acra-addzone` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.
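Review bot: The unchanged line right after the new section names `acra-addzone`, while the hunk header text describes a rollback utility. This looks like a copy-paste leftover; since the PR already edits this spot, consider correcting the tool name in the same change.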
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,25 @@ weight: 8
Password to Redis database.


### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```


#### HashiCorp Vault

`acra-rotate` can read `ACRA_MASTER_KEY` from HashiCorp Vault instead of environment variable.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -419,6 +419,24 @@ For additional certificate validation flags, see corresponding pages:
[OCSP](/acra/configuring-maintaining/tls/ocsp/) and
[CRL](/acra/configuring-maintaining/tls/crl/).

### KMS

* `--kms_type=<type>`

Specify your KMS.
Currently supported KMS types:
* `aws` - AWS Key Management Service

* `--kms_credentials_path=<filepath>`

A path to a file with KMS credentials JSON format.

Example of KMS config:
* **AWS**:
```json
{"access_key_id":"<access_key_id>","secret_access_key":"<secret_access_key>","region":"<region>"}
```

### Hashicorp Vault

* `--vault_connection_api_string=<url>`
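Review bot: The TLS text above this hunk links to the OCSP and CRL pages for details, but the new `### KMS` section has no pointer explaining how to prepare the key on the AWS side or which permissions the credentials need. If such a page exists in the docs, link it from `--kms_type`; otherwise a short note on the required permissions would help.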
Expand Down