feat(coderd): connect dbcrypt package implementation #9523
- Adds package enterprise/dbcrypt to implement database encryption/decryption
- Adds table dbcrypt_keys and associated queries
- Adds columns oauth_access_token_key_id and oauth_refresh_token_key_id to tables git_auth_links and user_links

NOTE: This is part 1 of a 2-part PR. This PR focuses mainly on the dbcrypt and database packages. A separate PR will add the required plumbing to integrate this into enterprise/coderd properly.

Co-authored-by: Kyle Carberry <kyle@coder.com>

This builds upon a previous PR. It is recommended to read that first.

- Adds a command dbcrypt-rotate to re-encrypt encrypted data
- Plumbs through dbcrypt in enterprise/coderd (including unit tests)
- Enables database encryption in develop.sh by default
- Adds documentation in admin/encryption.md

Co-authored-by: Dean Sheather <dean@deansheather.com>
Thanks @deansheather @mtojek @spikecurtis for your excellent review feedback and comments!
Reimplementation of #9433 following PR feedback.

This builds upon #9522. It is recommended to read that first.

server dbcrypt {rotate,decrypt,delete} to re-encrypt, decrypt, or delete encrypted data, respectively.

Note: This essentially enables dbcrypt by default, but the feature is soft-enforced on supplying external token encryption keys. Without specifying any keys, encryption/decryption is a no-op.
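
The sketch below is an added example, not code from this PR or from the dbcrypt package. It illustrates the two behaviours the description names: encryption is a no-op when no keys are supplied, and a key id stored beside each value lets old ciphertexts be read and re-encrypted during rotation. The `Keyring` type, the `keyID` digest scheme, the fixed 32-byte keys and the use of AES-GCM are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

type Keyring [][32]byte // hypothetical: r[0] encrypts new values, any listed key decrypts

// keyID is the value stored beside a ciphertext (the role of a *_key_id column).
func keyID(k [32]byte) string { s := sha256.Sum256(k[:]); return hex.EncodeToString(s[:4]) }

// aead cannot fail here: 32 bytes is a valid AES-256 key, and GCM accepts AES.
func aead(k [32]byte) cipher.AEAD { b, _ := aes.NewCipher(k[:]); g, _ := cipher.NewGCM(b); return g }

// Encrypt returns (stored value, key id); with no keys configured it is a no-op.
func (r Keyring) Encrypt(pt string) (string, string) {
	if len(r) == 0 {
		return pt, ""
	}
	g := aead(r[0])
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return hex.EncodeToString(g.Seal(nonce, nonce, []byte(pt), nil)), keyID(r[0])
}

// Decrypt selects the key by id; an empty id marks a value stored as plaintext.
func (r Keyring) Decrypt(stored, id string) (string, error) {
	if id == "" {
		return stored, nil
	}
	raw, err := hex.DecodeString(stored)
	for _, k := range r {
		if g := aead(k); err == nil && keyID(k) == id && len(raw) >= g.NonceSize() {
			pt, err := g.Open(nil, raw[:g.NonceSize()], raw[g.NonceSize():], nil)
			return string(pt), err
		}
	}
	return "", fmt.Errorf("no usable key %q for stored value", id)
}

func main() {
	fmt.Println(Keyring{{1}}.Encrypt("token")) // constructed key and value
}
```

Rotation in this model is `Decrypt` under a keyring that still lists the old key, followed by `Encrypt`, which always uses the first key. Once the old key is dropped from the keyring, values still tagged with its id fail to decrypt instead of being returned as garbage.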