jkroepke / helm-secrets

A helm plugin that helps manage secrets with Git workflow and store them anywhere
https://github.com/jkroepke/helm-secrets/wiki
Apache License 2.0

Using AWS KMS asymmetric keys #395

Closed meenaravichandran1 closed 1 year ago

meenaravichandran1 commented 1 year ago

Problem Statement

This is a question rather than an issue.

When I try to encrypt with an asymmetric KMS key I get the following exception:

Could not generate data key: [failed to encrypt new data key with master key "arn:aws:kms:ap-south-1:1234567:key/137axxx3-xxxx-4303-9xxx-c0xxxxxxxd": Failed to call KMS encryption service: InvalidKeyUsageException: Algorithm SYMMETRIC_DEFAULT is incompatible with key spec RSA_3072.]

Is it a limitation of SOPS that only symmetric keys are supported, or could something be changed in this project to support asymmetric keys as well?


jkroepke commented 1 year ago

It seems to be a limitation with sops

https://github.com/getsops/sops/issues/684


helm-secrets also supports vals as a backend: https://github.com/helmfile/vals#aws-kms

But it sounds more complicated. With vals, you can only encrypt/decrypt single properties, but not a whole file.
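
A pre-flight check for the error quoted in the question, as an added example that is not part of the original thread and is not code from helm-secrets or sops: it reads the JSON returned by `aws kms describe-key` and reports whether the key offers the `SYMMETRIC_DEFAULT` algorithm named in the error message. The function names, the sample responses and the key ARNs are constructed for illustration.

```python
import json

# The algorithm named in the InvalidKeyUsageException quoted in the question.
REQUIRED_ALGORITHM = "SYMMETRIC_DEFAULT"


def check_key_for_sops(describe_key_json):
    """Return (ok, reasons) for one `aws kms describe-key` JSON response."""
    meta = json.loads(describe_key_json)["KeyMetadata"]
    reasons = []
    if meta.get("KeyState") != "Enabled":
        reasons.append("key state is %s, not Enabled" % meta.get("KeyState"))
    if meta.get("KeyUsage") != "ENCRYPT_DECRYPT":
        reasons.append("key usage is %s, not ENCRYPT_DECRYPT" % meta.get("KeyUsage"))
    # Signing-only keys carry no EncryptionAlgorithms field at all.
    algorithms = meta.get("EncryptionAlgorithms", [])
    if REQUIRED_ALGORITHM not in algorithms:
        reasons.append("key spec %s does not offer %s (offers: %s)" % (
            meta.get("KeySpec"), REQUIRED_ALGORITHM, ", ".join(algorithms) or "none"))
    return (not reasons, reasons)


def sample(spec, usage, algorithms, state="Enabled"):
    """Build a constructed describe-key response (placeholder ARN, not a real key)."""
    meta = {"Arn": "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-" + spec,
            "KeySpec": spec, "KeyUsage": usage, "KeyState": state}
    if algorithms:
        meta["EncryptionAlgorithms"] = algorithms
    return json.dumps({"KeyMetadata": meta})


# Constructed sample responses covering the case from the question and its neighbours.
SYMMETRIC = sample("SYMMETRIC_DEFAULT", "ENCRYPT_DECRYPT", ["SYMMETRIC_DEFAULT"])
RSA_ENCRYPT = sample("RSA_3072", "ENCRYPT_DECRYPT",
                     ["RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256"])
RSA_SIGN = sample("RSA_3072", "SIGN_VERIFY", [])
DISABLED = sample("SYMMETRIC_DEFAULT", "ENCRYPT_DECRYPT",
                  ["SYMMETRIC_DEFAULT"], state="Disabled")

if __name__ == "__main__":
    for name, doc in [("symmetric", SYMMETRIC), ("rsa-encrypt", RSA_ENCRYPT),
                      ("rsa-sign", RSA_SIGN), ("disabled", DISABLED)]:
        ok, reasons = check_key_for_sops(doc)
        print(name, "OK" if ok else "REJECT: " + "; ".join(reasons))
```

Running the check against each key ARN before it is added to a sops configuration surfaces an asymmetric or signing-only key at review time rather than as a failed encryption.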