Closed LouisFettet closed 6 years ago
@robertfairhead @oren
I made a few schema changes: changed configuration version column to identity, and removed the now obsolete config_vars table. Afterwards I ran make models but didn't see any changes to the models. Is something wrong or is that expected?
I completed these two items from the original comment above:
On configuration read and on application deployment, grab encrypted configurations from S3 and decrypt them using KMS.
Remove the configurations table from the database since it is no longer needed after the above tasks are completed.
The other improvements mentioned from #154 are still open – I'll tackle them in a future PR.
I also reworked the DeleteConfiguration function to work with our new storage, although that hasn't actually been implemented on the frontend yet.
Let me know if there's anything that's not idiomatic or if you want me to reorganize this in any way!
Work Completed:
network setup stage. This key will be used to encrypt and decrypt all configurations for that particular application across all its environments. Give the key some tags and an alias so that it is easily identifiable.
aws_encryption_key_arn, has been added to the applications table of the database.
Work Not Yet Completed:
Future Work (some of which is outside the scope of one PR)
configurations table from the database since it is no longer needed after the above tasks are completed.
From @paulsmith in #154:
Miscellaneous Notes (not sure where else to put this)
All non-Amazon KMS key aliases must begin with alias/. KMS cannot have two keys with the same alias (regardless of whether they are enabled or disabled).
An AWS user cannot remove or edit an alias from the AWS console, but this is possible using the AWS CLI, like so:
aws kms delete-alias --alias-name alias/<ALIAS_NAME>
You can view the available keys with their aliases by running:
aws kms list-aliases
I found this post to be pretty helpful when getting started with the AWS KMS Go SDK since our use-case is pretty simple.
Last Update: 11/13/2017
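
The alias rules from the notes above, written as a pre-flight check that could run before a key alias is created. This is an added example, not code from the PR: the Alias type, CheckAlias, the error values and the sample aliases are hypothetical, and the character-set, length and alias/aws/ checks follow KMS's documented alias naming rules rather than anything stated in the comment.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Alias holds the two ListAliases fields this check needs (hypothetical type).
type Alias struct{ Name, TargetKeyID string }

var (
	ErrBadAlias   = errors.New("alias name not valid for a customer key")
	ErrAliasTaken = errors.New("alias already points at a different key")
	aliasChars    = regexp.MustCompile(`^alias/[a-zA-Z0-9/_-]+$`)
)

// CheckAlias reports whether name must still be created for keyID (false, nil = already set).
func CheckAlias(existing []Alias, name, keyID string) (bool, error) {
	// alias/aws/ is reserved for Amazon-managed keys; names are capped at 256 characters.
	if len(name) > 256 || !aliasChars.MatchString(name) || strings.HasPrefix(name, "alias/aws/") {
		return false, fmt.Errorf("%w: %q", ErrBadAlias, name)
	}
	for _, a := range existing {
		if a.Name != name {
			continue
		}
		if a.TargetKeyID == keyID {
			return false, nil // already in place
		}
		// Taken even when the other key is disabled: aliases are unique per account and region.
		return false, fmt.Errorf("%w: %q -> %s", ErrAliasTaken, name, a.TargetKeyID)
	}
	return true, nil
}

// Constructed sample standing in for a ListAliases response.
var sampleAliases = []Alias{
	{"alias/aws/s3", "11111111-aaaa"},
	{"alias/myapp-config", "22222222-bbbb"},
}

func main() {
	for _, n := range []string{"alias/newapp-config", "alias/myapp-config", "newapp"} {
		create, err := CheckAlias(sampleAliases, n, "33333333-cccc")
		fmt.Println(n, create, err)
	}
}
```
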