coreos / tectonic-forum

Apache License 2.0
30 stars 9 forks source link

AWS KMS encryption #129

Open mitom opened 7 years ago

mitom commented 7 years ago

Environment

AWS

Desired Feature

Option for terraform to either create a new KMS key or use an existing one specified in the config and encrypt the EBS volumes with it. Maybe even encrypt the assets zip in S3 as well since it contains things like the license key?

Other Information

-

sym3tri commented 7 years ago

For the 2nd part of your request:

We are using S3's server-side-encryption. All TLS assets are stored in S3, encrypted at rest, and encrypted over TLS during transport.

https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

haowang-itm commented 6 years ago

I just took a look at the assets bucket and didn't find encryption enabled. Is there anything changed in Tectonic?