Support Vault for encryption #291
Comments
|
Are any of the core team able to provide some pointers on how this should be implemented. My team might be able to take a stab at this if we can get some help. |
|
Sure! Depending on what you want, you either have to implement the Cipher interface (see example) or the MasterKey interface (see example). The former would make Vault an alternative for AES, whereas the latter would make it an alternative for GPG/KMS. Is this enough to get you started? |
|
Has there been any further work on this issue? |
|
The core team isn't working on this feature but we'd happily review and merge a patch from a motivated contributor. |
|
Good idea! Any progress with it? |
|
No, I built Helm-Vault instead. |
|
As I see this implementation almost done - #623 |
|
Looks like it's already implemented and merged #655. The question is when is it going to be released? |
|
This appears to just use Vault as a KMS storage area for your encryption keys, and does not actually store your secret values in Vault (which may be the preferred method for some). |
Yes, sops publish does what you want instead |
|
Link to the documentation on sops publish? |
https://github.com/mozilla/sops/blob/master/README.rst#2171publishing-to-vault |
Would love to see support for Vault's transit backend as the encryption key authority!
The text was updated successfully, but these errors were encountered: