open-nomad/nomad/structs
Tim Gross c9d678a91a
keyring: wrap root key in key encryption key (#14388)
Update the on-disk format for the root key so that it's wrapped with a unique
per-key/per-server key encryption key. This is a bit of security theatre for the
current implementation, but it uses `go-kms-wrapping` as the interface for
wrapping the key. This provides a shim for future support of external KMS such
as cloud provider APIs or Vault transit encryption.

* Removes the JSON serialization extension we had on the `RootKey` struct; this
  struct is now only used for key replication and not for disk serialization, so
  we don't need this helper.

* Creates a helper for generating cryptographically random slices of bytes that
  properly accounts for short reads from the source.

* No observable functional changes outside of the on-disk format, so there are
  no test updates.
2022-08-30 10:59:25 -04:00
config vault: detect namespace change in config reload (#14298) 2022-08-24 17:03:29 -04:00
acl.go acl: make listing RPC and HTTP API a stub return object. (#14211) 2022-08-22 17:20:23 +02:00
acl_test.go acl: make listing RPC and HTTP API a stub return object. (#14211) 2022-08-22 17:20:23 +02:00
alloc.go
alloc_test.go
batch_future.go
batch_future_test.go
bitmap.go
bitmap_test.go
check_test.go cleanup: use constants for on_update values 2022-07-21 13:09:47 -05:00
checks.go cleanup: use constants for on_update values 2022-07-21 13:09:47 -05:00
connect.go
connect_test.go
consul.go
consul_oss.go
consul_oss_test.go
consul_test.go
csi.go Add stage_publish_base_dir field to csi_plugin stanza of a job (#13919) 2022-08-02 09:42:44 -04:00
csi_test.go
devices.go
devices_test.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
diff.go template: custom change_mode scripts (#13972) 2022-08-24 17:43:01 +02:00
diff_test.go template: custom change_mode scripts (#13972) 2022-08-24 17:43:01 +02:00
encoding.go
errors.go acl: add token expiry checking to ACL token resolution. (#13756) 2022-07-15 15:20:50 +02:00
errors_test.go
eval.go
event.go
extensions.go keyring: wrap root key in key encryption key (#14388) 2022-08-30 10:59:25 -04:00
funcs.go core: merge reserved_ports into host_networks (#13651) 2022-07-12 14:40:25 -07:00
funcs_test.go
generate.sh workload identity (#13223) 2022-07-11 13:34:05 -04:00
handlers.go
job.go
job_test.go
keyring.go keyring: wrap root key in key encryption key (#14388) 2022-08-30 10:59:25 -04:00
network.go core: merge reserved_ports into host_networks (#13651) 2022-07-12 14:40:25 -07:00
network_test.go core: merge reserved_ports into host_networks (#13651) 2022-07-12 14:40:25 -07:00
node.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
node_class.go
node_class_test.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
node_test.go
operator.go client: fix data races in config handling (#14139) 2022-08-18 16:32:04 -07:00
search.go rename SecureVariables to Variables throughout 2022-08-26 16:06:24 -04:00
service_identities.go
service_registration.go
service_registration_test.go
services.go cleanup: cleanup more slice-set comparisons 2022-08-29 12:04:21 -05:00
services_test.go cleanup: replace TypeToPtr helper methods with pointer.Of (#14151) 2022-08-17 18:26:34 +02:00
streaming_rpc.go
structs.go Merge branch 'main' into f-gh-13120-sso-umbrella-merged-main 2022-08-30 08:59:13 +01:00
structs_codegen.go
structs_oss.go
structs_periodic_test.go build: run gofmt on all go source files 2022-08-16 11:14:11 -05:00
structs_test.go Merge branch 'main' into f-gh-13120-sso-umbrella-merged-main 2022-08-30 08:59:13 +01:00
testing.go
uuid.go
variables.go keyring: split structs to its own file (#14378) 2022-08-29 14:18:35 -04:00
variables_test.go rename SecureVariables to Variables throughout 2022-08-26 16:06:24 -04:00
vault.go
volume_test.go
volumes.go