encryptionconfig

package
v0.0.0-...-6018a90
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2024 License: Apache-2.0 Imports: 14 Imported by: 17

Documentation

Constants

const EncryptionConfSecretKey = "encryption-config"

EncryptionConfSecretKey is the map data key used to store the raw bytes of the final encryption config.

const EncryptionConfSecretName = "encryption-config"

EncryptionConfSecretName is the name of the final encryption config secret that is revisioned per apiserver rollout.

Variables

This section is empty.

Functions

func FromEncryptionState

FromEncryptionState converts state to config.

func FromSecret

func FromSecret(encryptionConfigSecret *corev1.Secret) (*apiserverconfigv1.EncryptionConfiguration, error)

func ToEncryptionState

func ToEncryptionState(encryptionConfig *apiserverconfigv1.EncryptionConfiguration, keySecrets []*corev1.Secret) (map[schema.GroupResource]state.GroupResourceState, []state.KeyState)

ToEncryptionState converts config to state. Read keys contain a potential write key. Read keys are sorted, recent first.

It assumes:

  • the first provider provides the write key
  • the structure of the encryptionConfig matches the output generated by FromEncryptionState:
      • one resource per provider
      • one key per provider
      • each resource has a distinct configuration with zero or more key-based providers and the identity provider.
      • the last providers might be of type aesgcm. In that case they carry the names of identity keys, recent first. We never use aesgcm as a real key because it is unsafe.
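The layout assumptions listed above can be checked before a config is trusted. The following is an added example, not code from this package: `Provider`, `ResourceConfig` and `CheckShape` are hypothetical, simplified stand-ins for the `apiserverconfigv1` types, and "one resource per provider" is interpreted here as exactly one resource per resource entry. It returns the kind of the first provider, so a result of `identity` flags a resource that is being written unencrypted.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins (assumption) for the apiserverconfigv1 types.
type Provider struct {
	Kind     string   // "aescbc", "secretbox", "aesgcm" or "identity"
	KeyNames []string // empty for identity
}
type ResourceConfig struct {
	Resources []string
	Providers []Provider
}

// CheckShape verifies the documented layout and returns the kind of the first
// provider, which supplies the write key ("identity" means plaintext writes).
func CheckShape(rc ResourceConfig) (string, error) {
	if len(rc.Resources) != 1 || len(rc.Providers) == 0 {
		return "", errors.New("want exactly one resource and at least one provider")
	}
	identities, gcmTail := 0, false
	for i, p := range rc.Providers {
		if p.Kind == "identity" {
			identities++
		} else if len(p.KeyNames) != 1 {
			return "", fmt.Errorf("provider %d: want exactly one key", i)
		}
		if p.Kind == "aesgcm" && i == 0 {
			return "", errors.New("aesgcm must not supply the write key")
		}
		if gcmTail && p.Kind != "aesgcm" {
			return "", fmt.Errorf("provider %d: only aesgcm may follow aesgcm", i)
		}
		gcmTail = gcmTail || p.Kind == "aesgcm"
	}
	if identities != 1 {
		return "", errors.New("want exactly one identity provider")
	}
	return rc.Providers[0].Kind, nil
}

func main() {
	// Constructed sample: aescbc write key, identity, trailing aesgcm marker.
	rc := ResourceConfig{[]string{"secrets"}, []Provider{{"aescbc", []string{"2"}}, {"identity", nil}, {"aesgcm", []string{"1"}}}}
	fmt.Println(CheckShape(rc))
}
```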

func ToSecret

func ToSecret(ns, name string, encryptionCfg *apiserverconfigv1.EncryptionConfiguration) (*corev1.Secret, error)

Types

This section is empty.
