Page MenuHomeDevCentral
Differential D2772

Create an encryption key for autounseal
ClosedPublic
Actions

Authored by DorianWinty on Feb 3 2023, 16:00.
Tags
None
Referenced Files
F24419621: D2772.id10230.diff
Fri, Feb 20, 02:08
F24405755: D2772.id10233.diff
Thu, Feb 19, 13:03
Unknown Object (File)
Thu, Feb 19, 07:19
Unknown Object (File)
Wed, Feb 18, 18:14
Unknown Object (File)
Wed, Feb 18, 04:30
Unknown Object (File)
Wed, Feb 18, 04:24
Unknown Object (File)
Tue, Feb 17, 16:00
Unknown Object (File)
Sat, Feb 7, 15:14
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1755: Deploy Notifications Center test environnement
Commits
rOPS3283f1bf56b6: Create an encryption key for autounseal
Summary

This encryption key will permit to configure the autounseal of a dev vault.

Ref T1755

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

DorianWinty requested review of this revision.Feb 3 2023, 16:00
DorianWinty created this revision.
Harbormaster completed remote builds in B4397: Diff 7045.Feb 3 2023, 16:00
DorianWinty edited the summary of this revision. (Show Details)Feb 3 2023, 16:01
DorianWinty added a task: T1755: Deploy Notifications Center test environnement.
dereckson added a comment.Wed, Feb 11, 21:34

This change is on the top of D2639 and D2771.

dereckson edited the summary of this revision. (Show Details)Wed, Feb 11, 21:43
dereckson updated this revision to Diff 10229.Wed, Feb 11, 22:42

Rebased against D2639 and D2771.

Harbormaster completed remote builds in B6305: Diff 10229.Wed, Feb 11, 22:42
dereckson updated this revision to Diff 10230.Wed, Feb 11, 22:42

Rebased against D2639 and D2771 (the right one).

Harbormaster completed remote builds in B6306: Diff 10230.Wed, Feb 11, 22:42
dereckson added a comment.Wed, Feb 11, 22:43

Once rebased, this change creates the autounseal transit key in our Complector Vault.

I ran it, so we're up-to-date:

WindRiver
$ vault write -f transit/keys/autounseal        

Key                       Value
---                       -----
allow_plaintext_backup    false
auto_rotate_period        0s
deletion_allowed          false
derived                   false
exportable                false
imported_key              false
keys                      map[1:1770845902]
latest_version            1
min_available_version     0
min_decryption_version    1
min_encryption_version    0
name                      autounseal
supports_decryption       true
supports_derivation       true
supports_encryption       true
supports_signing          false
type                      aes256-gcm96
dereckson accepted this revision.Wed, Feb 11, 22:43
This revision is now accepted and ready to land.Wed, Feb 11, 22:43
Closed by commit rOPS3283f1bf56b6: Create an encryption key for autounseal (authored by DorianWinty). · Explain WhyThu, Feb 12, 06:31
This revision was automatically updated to reflect the committed changes.
DorianWinty added a commit: rOPS3283f1bf56b6: Create an encryption key for autounseal.

Revision Contents
Changeset List

PathSize
roles/
vault/
bootstrap/
files/
8 lines

Diff 10233

View Options

roles/vault/bootstrap/files/vault-initialize.sh

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator