Page MenuHomeDevCentral
Differential D2772

Create an encryption key for autounseal
ClosedPublic
Actions

Authored by DorianWinty on Feb 3 2023, 16:00.
Tags
None
Referenced Files
F24986156: D2772.id7045.diff
Mon, Mar 23, 12:11
F24985255: D2772.id7045.diff
Mon, Mar 23, 10:36
F24984261: D2772.id10233.diff
Mon, Mar 23, 08:19
F24984260: D2772.id10229.diff
Mon, Mar 23, 08:19
F24984258: D2772.id10230.diff
Mon, Mar 23, 08:19
F24980800: D2772.diff
Mon, Mar 23, 01:53
Unknown Object (File)
Sat, Mar 21, 15:11
Unknown Object (File)
Fri, Mar 20, 21:22
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1755: Deploy Notifications Center test environnement
Commits
rOPS3283f1bf56b6: Create an encryption key for autounseal
Summary

This encryption key will permit to configure the autounseal of a dev vault.

Ref T1755

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
arcpatch-D2639
Build Status
Buildable 4397
Build 4664: arc lint + arc unit

Event Timeline

DorianWinty requested review of this revision.Feb 3 2023, 16:00
DorianWinty created this revision.
Harbormaster completed remote builds in B4397: Diff 7045.Feb 3 2023, 16:00
DorianWinty edited the summary of this revision. (Show Details)Feb 3 2023, 16:01
DorianWinty added a task: T1755: Deploy Notifications Center test environnement.
dereckson added a comment.Feb 11 2026, 21:34

This change is on the top of D2639 and D2771.

dereckson edited the summary of this revision. (Show Details)Feb 11 2026, 21:43
dereckson updated this revision to Diff 10229.Feb 11 2026, 22:42

Rebased against D2639 and D2771.

Harbormaster completed remote builds in B6305: Diff 10229.Feb 11 2026, 22:42
dereckson updated this revision to Diff 10230.Feb 11 2026, 22:42

Rebased against D2639 and D2771 (the right one).

Harbormaster completed remote builds in B6306: Diff 10230.Feb 11 2026, 22:42
dereckson added a comment.Feb 11 2026, 22:43

Once rebased, this change creates the autounseal transit key in our Complector Vault.

I ran it, so we're up-to-date:

WindRiver
$ vault write -f transit/keys/autounseal        

Key                       Value
---                       -----
allow_plaintext_backup    false
auto_rotate_period        0s
deletion_allowed          false
derived                   false
exportable                false
imported_key              false
keys                      map[1:1770845902]
latest_version            1
min_available_version     0
min_decryption_version    1
min_encryption_version    0
name                      autounseal
supports_decryption       true
supports_derivation       true
supports_encryption       true
supports_signing          false
type                      aes256-gcm96
dereckson accepted this revision.Feb 11 2026, 22:43
This revision is now accepted and ready to land.Feb 11 2026, 22:43
Closed by commit rOPS3283f1bf56b6: Create an encryption key for autounseal (authored by DorianWinty). · Explain WhyFeb 12 2026, 06:31
This revision was automatically updated to reflect the committed changes.
DorianWinty added a commit: rOPS3283f1bf56b6: Create an encryption key for autounseal.

Revision Contents
Changeset List

PathSize
pillar/
credentials/
1 line
roles/
vault/
bootstrap/
files/
112 lines
33 lines
10 lines
policies/
files/
34 lines

Diff 7045

View Options

pillar/credentials/vault.sls

Loading...
View Options

roles/vault/bootstrap/files/vault-initialize.sh

Loading...
View Options

roles/vault/bootstrap/init.sls

Loading...
View Options

roles/vault/init.sls

Loading...
View Options

roles/vault/policies/files/vault_bootstrap.hcl

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator