encryption-provider-operator

command module

v0.5.0 Latest Latest Go to latest Published: Jan 17, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

encryption-provider-operator is creating and updating encryption config for k8s secret encryption of secret in etcd

simplified process of key rotation

trigger new keyrotation -> either via annotation or after some period
new encryption config file is generated with old and new key, the new key on the first position
install encryption config hasher on the cluster and calculate hashes
operator waits until all nodes have the hash of the config that is equal to what it sees in the MC
operator will recreate all secrets
operator will update the encryption config and remove the old key the * last step is to roll all master nodes again but it's not required or watched by the controller

There is no documentation for this package.