mirror of
https://github.com/kemko/nomad.git
synced 2026-01-05 09:55:44 +03:00
9b3c38b3ed
`rsadecrypt` uses PKCS #1 v1.5 padding which has multiple known weaknesses. While it is possible to use safely in Nomad, we should not encourage our users to use bad cryptographic primitives. If users want to decrypt secrets in jobspecs we should choose a cryptographic primitive designed for that purpose. `rsadecrypt` was inherited from Terraform which only implemented it to support decrypting Window's passwords on AWS EC2 instances: https://github.com/hashicorp/terraform/pull/16647 This is not something that should ever be done in a jobspec, therefore there's no reason for Nomad to support this HCL2 function.