nomad

kemko/nomad

Fork 0

mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00

Commit Graph

Author	SHA1	Message	Date
Tim Gross	c970d22164	keyring: support external KMS for key encryption key (KEK) (#23580 ) In Nomad 1.4.0, we shipped support for encrypted Variables and signed Workload Identities, but the key material is protected only by a AEAD encrypting the KEK. Add support for Vault transit encryption and external KMS from major cloud providers. The servers call out to the external service to decrypt each key in the on-disk keystore. Ref: https://hashicorp.atlassian.net/browse/NET-10334 Fixes: https://github.com/hashicorp/nomad/issues/14852	2024-07-18 09:42:28 -04:00

Author

SHA1

Message

Date

Tim Gross

c970d22164

keyring: support external KMS for key encryption key (KEK) (#23580 )

In Nomad 1.4.0, we shipped support for encrypted Variables and signed Workload
Identities, but the key material is protected only by a AEAD encrypting the
KEK. Add support for Vault transit encryption and external KMS from major cloud
providers. The servers call out to the external service to decrypt each key in
the on-disk keystore.

Ref: https://hashicorp.atlassian.net/browse/NET-10334
Fixes: https://github.com/hashicorp/nomad/issues/14852

2024-07-18 09:42:28 -04:00

1 Commits