Add TLS configuration to the KMS AWS #5651

Open
wants to merge 4 commits into
base: development/7.70

outscale-fba
Contributor

Add TLS configuration to the KMS AWS & a README for documenting the configuration.

The added TLS configuration can:

  • Allow a self-signed CA during development,
  • Enable mTLS to authenticate the client, adding extra security.

See the README for details.

This pull request is spread over 2 repositories: Cloudserver & Arsenal.

Add configuration mechanism for the new AWS KMS connector.
Depends on changes in Arsenal to have support of this new connector.
available

Up to now, the datakey was always generated using a locally generated
random number.
This commit allows using the "generateDataKey" operation of a KMS when
it is implemented. It falls back to random number generation if not
available.
The benefit of generating the datakey in the KMS is a better entropy
source resulting in a "better" datakey.
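
The datakey selection described in the commit message above, as an added example that is not code from this pull request, Cloudserver or Arsenal. `generateDataKey` is the operation named above; `getDataKey`, `cipherDataKey`, `makeStubKms`, the callback signatures and the 32-byte key size are assumptions made for illustration.

```javascript
// Added example; not code from this pull request, Cloudserver or Arsenal.
const crypto = require('node:crypto');
const DATA_KEY_BYTES = 32; // assumed data key size (AES-256)

// Calls cb(err, { plaintext, ciphertext, source }) with source 'kms' or 'local'.
function getDataKey(client, masterKeyId, cb) {
    if (typeof client.generateDataKey === 'function') {
        return client.generateDataKey(masterKeyId, (err, plaintext, ciphertext) => {
            // Design choice of this example: a runtime KMS error is reported,
            // it does not trigger a silent downgrade to the local generator.
            if (err) return cb(err);
            if (!Buffer.isBuffer(plaintext) || plaintext.length !== DATA_KEY_BYTES) {
                return cb(new Error('KMS returned a data key of unexpected size'));
            }
            return cb(null, { plaintext, ciphertext, source: 'kms' });
        });
    }
    // Operation not implemented by this backend: generate locally with the
    // OS CSPRNG, then have the KMS wrap the key (hypothetical cipherDataKey).
    const plaintext = crypto.randomBytes(DATA_KEY_BYTES);
    return client.cipherDataKey(masterKeyId, plaintext, (err, ciphertext) => {
        if (err) return cb(err);
        return cb(null, { plaintext, ciphertext, source: 'local' });
    });
}

// Constructed in-memory stand-in for a KMS backend, for the demo only.
function makeStubKms(withGenerate) {
    const master = crypto.randomBytes(32);
    const wrap = key => {
        const iv = crypto.randomBytes(12);
        const c = crypto.createCipheriv('aes-256-gcm', master, iv);
        const body = Buffer.concat([c.update(key), c.final()]);
        return Buffer.concat([iv, c.getAuthTag(), body]); // 12 + 16 + 32 bytes
    };
    const client = { cipherDataKey: (id, key, cb) => cb(null, wrap(key)) };
    if (withGenerate) {
        client.generateDataKey = (id, cb) => {
            const key = crypto.randomBytes(DATA_KEY_BYTES);
            cb(null, key, wrap(key));
        };
    }
    return client;
}

for (const withGenerate of [true, false]) {
    getDataKey(makeStubKms(withGenerate), 'constructed-key-id', (err, dk) => {
        console.log(err ? err.message : `${dk.source}: ${dk.ciphertext.length}-byte wrapped key`);
    });
}
```

Recording `source` alongside the wrapped key lets an operator see from logs or metadata which objects were encrypted under a locally generated key.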