Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Support for envelope encryption for secrets with AWS KMS #767

Closed
1 of 4 tasks
kuuji opened this issue Mar 6, 2020 · 2 comments
Closed
1 of 4 tasks

Feature request: Support for envelope encryption for secrets with AWS KMS #767

kuuji opened this issue Mar 6, 2020 · 2 comments

Comments

@kuuji
Copy link

kuuji commented Mar 6, 2020
edited
Loading

I'm submitting a...

  • bug report
  • feature request
  • support request - read the FAQ first!
  • kudos, thank you, warm fuzzy

Description

Amazon just released support for envelope encryption for secrets using KMS. -> https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

It looks like the terraform resource has been updated and already supports it -> https://www.terraform.io/docs/providers/aws/r/eks_cluster.html#encryption_config-1

This feature request is to add support in this module. I'm willing to take a stab at it since it looks pretty straightforward, just wanted to make sure no one is already working on this before I give it a try.

Edit : Not sure if it'll be that straightforward since the encryption_config parameter is an optional block that includes a required block.
The only solution I can think of is to duplicate the cluster resource and add encryption_config to the new one. And control which one is used with a count and a ternary. Open to suggestions for a better way.
Edit 2 : I guess I could use a for_each and a dynamic block for that.
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret encryption support
6b99bcb 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
a44c108 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
13a32a2 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
@wwentland wwentland mentioned this issue Mar 10, 2020
Merged
3 tasks
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
417303d 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
478702b 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
6d9d01a 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
7e9a106 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
e46a19d 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
052eb1b 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
5ea5626 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
wwentland added a commit to wwentland/terraform-aws-eks that referenced this issue Mar 10, 2020
@wwentland
Add EKS Secret envelope encryption support
1c0aa0d 
This adds support for configuring EKS clusters that utilise envelope
encryption for Secrets:

- https://aws.amazon.com/about-aws/whats-new/2020/03/amazon-eks-adds-envelope-encryption-for-secrets-with-aws-kms/

- https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

This addresses terraform-aws-modules#767
@barryib
Copy link
Member

barryib commented Mar 12, 2020

Resolved by #772

@barryib barryib closed this as completed Mar 12, 2020
@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 27, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@barryib @kuuji