Generate and store a sealed encryption key for snapshots #32841
Merged
+405
−40
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Depends on internal PR.
This implements the design we discussed. In simplified terms, the config server
generates a unique encryption key for each snapshot. A sealed variant (the
public part) of this key is then stored in ZooKeeper, along with the version
number of the private key used to seal the key. The private key itself is stored
in a
TypedSecretStore.A node/host that satisfies the node filter can request a copy of the shared key,
sealed with a public key presented by the client. The host then unseals this
shared key locally and uses it to encrypt/decrypt snapshot data. While this
doesn't provide any security itself, it provides some other benefits:
storing the snapshot data
to the encryption key
boundaries
@tokle