Version: v0.0.0-...-988bfc7 Latest

This package is not in the latest version of its module.

Published: Sep 16, 2021 License: Apache-2.0 Imports: 14 Imported by: 9




const EncryptionConfSecretKey = "encryption-config"

EncryptionConfSecretKey is the map data key used to store the raw bytes of the final encryption config.

const EncryptionConfSecretName = "encryption-config"

EncryptionConfSecretName is the name of the final encryption config secret that is revisioned per apiserver rollout.




func FromEncryptionState

FromEncryptionState converts state to config.

func FromSecret

func FromSecret(encryptionConfigSecret *corev1.Secret) (*apiserverconfigv1.EncryptionConfiguration, error)

func ToEncryptionState

func ToEncryptionState(encryptionConfig *apiserverconfigv1.EncryptionConfiguration, keySecrets []*corev1.Secret) (map[schema.GroupResource]state.GroupResourceState, []state.KeyState)

ToEncryptionState converts config to state. Read keys contain a potential write key. Read keys are sorted, recent first.

It assumes:

- the first provider provides the write key
- the structure of the encryptionConfig matches the output generated by FromEncryptionState:
  - one resource per provider
  - one key per provider
- each resource has a distinct configuration with zero or more key-based providers and the identity provider.
- the last providers might be of type aesgcm. Then it carries the names of identity keys, recent first. We never use aesgcm as a real key because it is unsafe.
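A structural check over the layout ToEncryptionState assumes, as an added example that is not part of this package: `Provider`, `Layout` and `CheckLayout` are hypothetical stand-ins for the real apiserverconfigv1 types, and the sample input is constructed. It also reports which provider sits first, since a leading identity provider means the resource is written unencrypted.

```go
package main

import "fmt"

// Provider is a simplified stand-in (assumption), not the apiserverconfigv1 type.
type Provider struct {
	Kind     string   // "aescbc", "secretbox", "identity" or "aesgcm"
	KeyNames []string // names of the keys configured on this provider
}

type Layout struct {
	WriteKind, WriteKey    string   // taken from the first provider
	ReadKeys, IdentityKeys []string // key names, in provider order
}

// CheckLayout enforces the structure listed above for one resource configuration.
func CheckLayout(resources []string, providers []Provider) (l Layout, err error) {
	if len(resources) != 1 || len(providers) == 0 {
		return l, fmt.Errorf("want exactly one resource and at least one provider")
	}
	l.WriteKind = providers[0].Kind // the first provider is the one used for writes
	seenIdentity, seenAESGCM := false, false
	for i, p := range providers {
		switch {
		case seenAESGCM && p.Kind != "aesgcm":
			return l, fmt.Errorf("provider %d (%s) follows an aesgcm entry", i, p.Kind)
		case p.Kind == "identity":
			seenIdentity = true
			continue // carries no key; if first, WriteKey stays empty
		case len(p.KeyNames) != 1:
			return l, fmt.Errorf("provider %d (%s) has %d keys, want 1", i, p.Kind, len(p.KeyNames))
		case p.Kind == "aesgcm":
			seenAESGCM = true // trailing aesgcm entries only name identity keys
			l.IdentityKeys = append(l.IdentityKeys, p.KeyNames[0])
		default:
			l.ReadKeys = append(l.ReadKeys, p.KeyNames[0])
		}
		if i == 0 {
			l.WriteKey = p.KeyNames[0]
		}
	}
	if !seenIdentity {
		return l, fmt.Errorf("identity provider missing")
	}
	return l, nil
}
func main() { // constructed sample: write key "2", older read key "1"
	fmt.Println(CheckLayout([]string{"secrets"}, []Provider{{"aescbc", []string{"2"}}, {"aescbc", []string{"1"}}, {"identity", nil}}))
}
```

A result with `WriteKind == "identity"` passes the structural check but is worth alerting on separately, because it means new writes for that resource are not encrypted.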

func ToSecret

func ToSecret(ns, name string, encryptionCfg *apiserverconfigv1.EncryptionConfiguration) (*corev1.Secret, error)


