Add encryption, digest and secret support to security #2872

Merged
merged 2 commits into from
Mar 26, 2021

tomas-langer
Member

First implementation of encryption and secrets in config

Related to #2395

This is the first update preparing for OCI and Hashicorp (HCP) Vault integrations.

This update adds the following methods to Security:

  • encrypt - to encrypt a secret using one of the configured security providers
  • decrypt - to decrypt a cipher text obtained from encrypt on this service (or another with the same configuration)
  • digest - to sign or generate an HMAC
  • verifyDigest - to verify a signature or HMAC from digest on this service (or another with the same configuration)
  • secret - to get a secret

Encryption and secret also have a first implementation in helidon-config-encryption.

These methods are expected to be provided by Vault integrations, such as HCP Vault and OCI Vault (and others in the future).

Mapping to Vault operations:

  • encrypt, decrypt - OCI Vault keys, using encryption endpoint; HCP Vault - Transit secrets engine
  • digest, verifyDigest - ditto
  • secret - OCI Vault secrets, HCP Vault kv2 secrets, kv1 secrets, Cubbyhole etc.

These implementations and example(s) will be added in future PRs
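
The round-trip contract described above (cipher text and digests produced by one service are accepted by another with the same configuration), as an added example that is not code from this pull request or from Helidon. It assumes "same configuration" means the same key material, implements the operations locally with the JDK's JCA (AES-GCM and HMAC-SHA256), and the class name `LocalCryptoSketch` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class LocalCryptoSketch {   // hypothetical class, not Helidon API
    private static final SecureRandom RANDOM = new SecureRandom();
    private final SecretKeySpec aesKey, macKey;   // separate keys for encryption and HMAC
    LocalCryptoSketch(byte[] aes, byte[] mac) {
        aesKey = new SecretKeySpec(aes, "AES");
        macKey = new SecretKeySpec(mac, "HmacSHA256");
    }
    String encrypt(byte[] plain) throws Exception {
        byte[] iv = new byte[12];                 // fresh 96-bit nonce for every message
        RANDOM.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);   // nonce || ciphertext || tag
    }
    byte[] decrypt(String cipherText) throws Exception {
        byte[] in = Base64.getDecoder().decode(cipherText);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, in, 0, 12));
        return c.doFinal(in, 12, in.length - 12); // AEADBadTagException on tampering or wrong key
    }
    String digest(byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(macKey);
        return Base64.getEncoder().encodeToString(mac.doFinal(data));
    }
    boolean verifyDigest(byte[] data, String digest) throws Exception {
        // Recompute and compare in constant time; never compare MACs with String.equals
        return MessageDigest.isEqual(Base64.getDecoder().decode(digest(data)), Base64.getDecoder().decode(digest));
    }
    public static void main(String[] args) throws Exception {
        byte[] aes = new byte[32], mac = new byte[32];    // constructed sample keys
        RANDOM.nextBytes(aes);
        RANDOM.nextBytes(mac);
        LocalCryptoSketch a = new LocalCryptoSketch(aes, mac), b = new LocalCryptoSketch(aes, mac);
        byte[] msg = "db-password".getBytes(StandardCharsets.UTF_8);
        System.out.println(Arrays.equals(msg, b.decrypt(a.encrypt(msg))) + " " + b.verifyDigest(msg, a.digest(msg)));
    }
}
```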

@tomas-langer tomas-langer added enhancement New feature or request security labels Mar 24, 2021
@tomas-langer tomas-langer added this to the 2.3.0 milestone Mar 24, 2021
@tomas-langer tomas-langer self-assigned this Mar 24, 2021
First implementation of encryption and secrets in config
@tomas-langer tomas-langer force-pushed the 2395-vault-part1 branch 2 times, most recently from 99b344a to b393a8a Compare March 24, 2021 18:25
@tomas-langer tomas-langer merged commit 42281e5 into helidon-io:master Mar 26, 2021
@tomas-langer tomas-langer deleted the 2395-vault-part1 branch March 26, 2021 10:19
paulparkinson pushed a commit that referenced this pull request Mar 29, 2021
* Add encryption, digest and secret support to security
* First implementation of encryption and secrets based on config
aseovic pushed a commit to aseovic/helidon that referenced this pull request Apr 26, 2021
* Add encryption, digest and secret support to security
* First implementation of encryption and secrets based on config