Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Format conversion (including PKCS#12 support) #286

Closed
wants to merge 13 commits into from
Closed

[Merged by Bors] - Format conversion (including PKCS#12 support) #286

wants to merge 13 commits into from

Conversation

nightkr
Copy link
Member

@nightkr nightkr commented Jun 21, 2023
edited by lfrancke
Loading

Description

Fixes #130

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes

Author
Beta Give feedback

Reviewer
Beta Give feedback

Acceptance
Beta Give feedback

Once the review is done, comment bors r+ (or bors merge) to merge. Further information

@nightkr nightkr marked this pull request as ready for review June 21, 2023 18:13
@nightkr nightkr requested review from a team, razvan, fhennig and sbernauer June 21, 2023 18:13
@nightkr

This comment was marked as outdated.

Sign in to view
nightkr added a commit to stackabletech/operator-rs that referenced this pull request Jun 22, 2023
@nightkr
Allow users to request a secret format
d30e9da 
The client side of stackabletech/secret-operator#286
nightkr added a commit to stackabletech/zookeeper-operator that referenced this pull request Jun 22, 2023
@nightkr
Let secret-operator handle PKCS#12 conversion
07a96dc 
Requires stackabletech/secret-operator#286
This was referenced Jun 22, 2023
Merged
Closed
Closed
sbernauer
sbernauer reviewed Jun 26, 2023
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!

docs/modules/secret-operator/pages/secretclass.adoc Outdated Show resolved Hide resolved
rust/operator-binary/src/backend/mod.rs Outdated Show resolved Hide resolved
rust/operator-binary/src/format/convert.rs Outdated Show resolved Hide resolved
@sbernauer
Copy link
Member

What did come to my mind is: What passwords are used to encrypt(?) trust and keystore? changeit? Do you think it would improve security to randomly generate them and write them out as files as well?
Documenting both would be great!

@nightkr
Copy link
Member Author

nightkr commented Jun 26, 2023

An empty string, which most clients seem to accept as if it was unencrypted.

I don't see how moving to a (meaningfully) encrypted keystore would improve things, all it would do is move the goalpost from protecting the keystore to protecting the key. That's helpful when you want to help humans transfer the key over an untrusted medium (such as email or chat). Less so when we have no such constraints.

@sbernauer
Copy link
Member

I would agree, could we please document the passphrase (in the docs)?
We have products where we do stuff to not have the changeit passphrase (I think e.g. in NiFI), so I would ask in chat if someone sees a problem going without encryption.

@nightkr
Copy link
Member Author

nightkr commented Jun 27, 2023

I was already expanding on that.. 5d1ee58 :P

sbernauer
sbernauer approved these changes Jun 28, 2023
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have discussed and agreed on an empty string as passphrase. Many thanks!

@nightkr
Copy link
Member Author

nightkr commented Jun 28, 2023

bors r+

bors bot pushed a commit that referenced this pull request Jun 28, 2023
@nightkr
Format conversion (including PKCS#12 support) (#286)
a0a35f5 
# Description

Fixes #130
bors bot pushed a commit to stackabletech/operator-rs that referenced this pull request Jun 28, 2023
@nightkr
Allow users to request a secret format (#610)
27f4653 

## Description

The client side of stackabletech/secret-operator#286



Co-authored-by: Natalie Klestrup Röijezon <teo.roijezon@stackable.de>
Co-authored-by: Natalie <teo@nullable.se>
@bors
Copy link
Contributor

bors bot commented Jun 28, 2023

Pull request successfully merged into main.

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

@bors bors bot changed the title Format conversion (including PKCS#12 support) [Merged by Bors] - Format conversion (including PKCS#12 support) Jun 28, 2023
@bors bors bot closed this Jun 28, 2023
@bors bors bot deleted the feature/conversion branch June 28, 2023 06:27
github-merge-queue bot pushed a commit to stackabletech/zookeeper-operator that referenced this pull request Aug 3, 2023
@nightkr @razvan
Let secret-operator handle PKCS#12 conversion (#695)
5c54371 
* Let secret-operator handle PKCS#12 conversion

Requires stackabletech/secret-operator#286

* Changelog

* Fix warnings

* Updated op-rs

* Update operator-rs patch

---------

Co-authored-by: Razvan-Daniel Mihai <84674+razvan@users.noreply.github.com>
@sbernauer sbernauer mentioned this pull request Aug 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions GitHub Actions github-actions left review comments

@sbernauer sbernauer sbernauer approved these changes

@razvan razvan Awaiting requested review from razvan

@fhennig fhennig Awaiting requested review from fhennig

Assignees
No one assigned
Labels
release/2023-07
Projects
Stackable Engineering
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Provide PKCS#12 bundles for TLS certs
3 participants
@nightkr @sbernauer @lfrancke