Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

command line tools for redacting keyring from snapshots #24023

Merged
merged 2 commits into from
Sep 20, 2024
Merged

command line tools for redacting keyring from snapshots #24023

merged 2 commits into from
Sep 20, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Sep 20, 2024
edited
Loading

In #23977 we moved the keyring into Raft, which can expose key material in Raft snapshots when using the less-secure AEAD keyring instead of KMS. This changeset adds tools for redacting this material from snapshots:

  • The operator snapshot state command gains the ability to display key metadata (only), which respects the -filter option.
  • The operator snapshot save command gains a -redact option that removes key material from the snapshot after it's downloaded.
  • A new operator snapshot redact command allows removing key material from an existing snapshot.

Full documentation on the new keyring work coming in a separate PR

@tgross tgross added this to the 1.9.0 milestone Sep 20, 2024
@tgross tgross marked this pull request as ready for review September 20, 2024 17:25
@tgross
Copy link
Member Author

tgross commented Sep 20, 2024
edited
Loading

Failing test is because of #24024 Rebased on main

@tgross
command line tools for redacting keyring from snapshots
a518628 
In #23977 we moved the keyring into Raft, which can expose key material in Raft
snapshots when using the less-secure AEAD keyring instead of KMS. This changeset
adds tools for redacting this material from snapshots:

* The `operator snapshot state` command gains the ability to display key
  metadata (only), which respects the `-filter` option.
* The `operator snapshot save` command gains a `-redact` option that removes key
  material from the snapshot after it's downloaded.
* A new `operator snapshot redact` command allows removing key material from an
  existing snapshot.
@tgross
make sure we fsync the snapshot
76b18d1
shoenig
shoenig approved these changes Sep 20, 2024
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tgross tgross merged commit a7f2cb8 into main Sep 20, 2024
29 checks passed
@tgross tgross deleted the cli-keyring-redaction branch September 20, 2024 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@schmichael schmichael Awaiting requested review from schmichael

@gulducat gulducat Awaiting requested review from gulducat

Assignees
No one assigned
Labels
theme/cli theme/keyring theme/raft type/enhancement
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @shoenig