Use data envelope encryption for gkms/awskms

kapicorp / kapitan

Generic templated configuration management for Kubernetes, Terraform and other things

https://kapitan.dev

Apache License 2.0

1.8k stars 197 forks source link

Use data envelope encryption for gkms/awskms #212

Open adrianchifor opened 5 years ago

adrianchifor commented 5 years ago

Cloud KMS quotas are easily hit when we have a lot of secrets as it does a decrypt operation per file. We need to generate an envelope key per target and use that for encrypting the secrets in that target.

yoshi-1224 commented 5 years ago

@adrianchifor This one looks interesting! I will take a look

adrianchifor commented 5 years ago

I have an implementation for this which I will push in the following weeks.

uberspot commented 5 years ago

I have some python code that implements data envelope encryption as well for aws. Let me know before starting work on this so we merge the efforts. :+1:

github-actions[bot] commented 3 weeks ago

This issue is stale because it has been open for 1 year with no activity. Remove the stale label or comment if this issue is still relevant for you. If not, please close it yourself.