taoensso / tempel

Data security framework for Clojure
https://www.taoensso.com/tempel
Eclipse Public License 1.0
126 stars 2 forks source link

Discuss: Support for automated decrypt / remote unlock for apps - clevis / tang ? #10

Open ieugen opened 8 months ago

ieugen commented 8 months ago

This might be in a companion library but Clevis and Tang implement a protocol for automated decryption (remote unlock).

It might be useful for tempel to support at least the client part if not more.

Clevis and Tang provide a way for a system to decrypt secrets if it's in a specific network or has access to TPM. Seemed quite ingenious to me and worth mentioning in the context of tempel.

Might be useful for starting an application that needs to decrypt a bunch of service (the admin) credentials without requiring user input.

https://github.com/latchset/clevis https://github.com/latchset/tang

ptaoussanis commented 8 months ago

Hi there! I've not heard of either of these before, thanks for the links. Will take a look next time I'm doing batched work on Tempel - though please note that in principle my current plan is to keep Tempel's scope limited to more or less what it does now.

(Which of course doesn't exclude the possibility of interested folks building higher-level protocols on top of it, etc. 👍)

ieugen commented 8 months ago

Thanks, sounds reasonable.