open-nomad/website/content/docs/operations
Tim Gross c9d678a91a
keyring: wrap root key in key encryption key (#14388)
Update the on-disk format for the root key so that it's wrapped with a unique
per-key/per-server key encryption key. This is a bit of security theatre for the
current implementation, but it uses `go-kms-wrapping` as the interface for
wrapping the key. This provides a shim for future support of external KMS such
as cloud provider APIs or Vault transit encryption.

* Removes the JSON serialization extension we had on the `RootKey` struct; this
  struct is now only used for key replication and not for disk serialization, so
  we don't need this helper.

* Creates a helper for generating cryptographically random slices of bytes that
  properly accounts for short reads from the source.

* No observable functional changes outside of the on-disk format, so there are
  no test updates.
2022-08-30 10:59:25 -04:00
index.mdx implement mdx remote 2021-01-05 19:02:39 -05:00
key-management.mdx keyring: wrap root key in key encryption key (#14388) 2022-08-30 10:59:25 -04:00
metrics-reference.mdx Return 429 response on HTTP max connection limit (#13621) 2022-07-20 14:12:21 -04:00
monitoring-nomad.mdx Track plan rejection history and automatically mark clients as ineligible (#13421) 2022-07-12 18:40:20 -04:00
nomad-agent.mdx docs: rename Internals to Concepts (#13696) 2022-07-11 16:55:33 -04:00