Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support convergent encryption #56

Closed
wants to merge 1 commit into from
Closed

Support convergent encryption #56

wants to merge 1 commit into from

Conversation

mhuerster
Copy link

Currently, Vault's Transit engine supports key derivation, but
vault-rails does not support convergent encryption.

Support convergent encryption
2990820 
Currently, Vault's Transit engine supports key derivation, but
vault-rails does not support convergent encryption.
justincampbell
justincampbell reviewed May 15, 2019
View reviewed changes
Copy link
Contributor

@justincampbell justincampbell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for submitting this! And apologies for the delay in response.

I added support for key derivation in #78, and would love to help get this merged and released alongside of that.

We’ve added a CLA process since this PR was opened, which must be accepted before any of the code in this PR can be merged. You can sign the CLA here: https://cla.hashicorp.com/hashicorp/vault-rails?pullRequest=56.

Let me know if you’d like to continue work on this. If not, I’m happy to take over rebasing and merging it after you’ve signed the CLA.

Thanks again!

lib/vault/rails.rb
#
# @return [String]
# the encrypted cipher text
def encrypt(path, key, plaintext, client = self.client)
def encrypt(path, key, plaintext, client = self.client, convergent = false)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#78 changes the signature of encrypt and decrypt, such that we can refactor this PR to use keyword arguments for the convergent boolean.

lib/vault/rails.rb
@@ -27,6 +27,11 @@ module Rails
DEV_WARNING = "[vault-rails] Using in-memory cipher - this is not secure " \
"and should never be used in production-like environments!".freeze

VAULT_CONVERGENT_ENCRYPTION_CONTEXT = Base64.strict_encode64(
ENV.fetch('VAULT_CONVERGENT_ENCRYPTION_CONTEXT', 'default-context')
).freeze
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be removed in favor of per-attribute contexts in #78?

@hashicorp-cla
Copy link

hashicorp-cla commented Dec 6, 2019
edited
Loading

CLA assistant check

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

Molly Huerster seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA. If you already have a GitHub account, please add the email address used for this commit to your account.

Have you signed the CLA already but the status is still pending? Recheck it.

@tbehling
Copy link
Contributor

I'm closing this PR due to lack of CLA and merge conflicts that have accrued since 2018.

@tbehling tbehling closed this Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justincampbell justincampbell justincampbell left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mhuerster @hashicorp-cla @tbehling @justincampbell