Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Encryption provider #2346

Closed
gak opened this issue Aug 13, 2024 · 0 comments · Fixed by #2429
Closed

Encryption provider #2346

gak opened this issue Aug 13, 2024 · 0 comments · Fixed by #2429
Assignees
Labels
security relates to security (regardless of priority)

Comments

@gak
Copy link
Contributor

gak commented Aug 13, 2024

Ah I see what you were saying now - that it would have been preferable to inject the fully constructed encryptor.

I think the way to decouple this would be to have a "subkey provider" which the DAL implements. Then you can pass in an encryptor builder, the DAL calls builder.Build(subkeyProvider) to construct the encryptor.

LMK if that needs clarification.

Originally posted by @alecthomas in #2338 (comment)

@github-actions github-actions bot added the triage Issue needs triaging label Aug 13, 2024
@ftl-robot ftl-robot mentioned this issue Aug 13, 2024
github-merge-queue bot pushed a commit that referenced this issue Aug 14, 2024
Fixes #2290 
Follows #2312 
Needs work: #2346 #2348 

> [!CAUTION]
> Will nuke logs and async columns!

- Uses KMS via tink `FTL_KMS_URI`, so `fake-kms://` or `aws-kms://` will
work. Omitting will not encrypt.
- Remove old plaintext keys envs.

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Matt Toohey <[email protected]>
@gak gak added the security relates to security (regardless of priority) label Aug 14, 2024
@gak gak self-assigned this Aug 14, 2024
@github-actions github-actions bot removed the triage Issue needs triaging label Aug 14, 2024
stuartwdouglas pushed a commit to stuartwdouglas/ftl that referenced this issue Oct 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security relates to security (regardless of priority)
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant