[RFE] KMS migration helper #105

romdalf · 2022-06-09T19:11:29Z

-->Is it linked to a user story? (use the "#" to tag the user story)

#50 - Result of Design meeting held on June 9th 2022 with @cvlc @mhmxs @vfiftyfive @rovandep

-->What do we want to build?

Trousseau to migrate from one KMS provider to another

-->Why do we want to build it?

Chaning KMS is not a common operation but if it happens it should done in a smooth and secure way.
As Trousseau is the broker between the k8s api manager and the KMS, it should help in replacing the secrets encrypted with the old KMS with the new KMS.

-->How do we want to design it?

#103 will provide the ability to run contiguous KMS provider plugin in sidecars
This will help to perform a replace transaction in a secure and transparent way.
A safe switch might need to be thought of to handle this migration with a human validation.

romdalf · 2022-07-25T07:30:52Z

Migration scenario is carried within v2.
Documentation has to be writtent.

romdalf added the enhancement New feature or request label Jun 9, 2022

romdalf added this to the KMS Pluging Redesign milestone Jun 9, 2022

romdalf assigned mhmxs, cvlc, romdalf and cannischan Jun 9, 2022

romdalf mentioned this issue Jun 9, 2022

[EPIC] redesign KMS provider plugin #50

Closed

2 tasks

romdalf removed this from the KMS Pluging Redesign - Trousseau v2 milestone Jul 26, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[RFE] KMS migration helper #105

[RFE] KMS migration helper #105

romdalf commented Jun 9, 2022

romdalf commented Jul 25, 2022

[RFE] KMS migration helper #105

[RFE] KMS migration helper #105

Comments

romdalf commented Jun 9, 2022

romdalf commented Jul 25, 2022