-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support encrypting backup data (with AES-GCM) with flag --encryption-config-path
#418
base: master
Are you sure you want to change the base?
Conversation
@KevinWang15 Thank you for your contribution. |
Thank you @KevinWang15 for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below. |
Welcome @KevinWang15! :) Please sign the CLA |
439fa42
to
bbbbac8
Compare
bbbbac8
to
8b748c0
Compare
Hi @KevinWang15 , |
8b748c0
to
10bc22a
Compare
Hi @ishan16696 , I have rebased this PR |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey there, I saw this great PR, and I thought I would make a few drive-by comments! See below for some thoughts:
DATA_ENCRYPTION_KEY
for transparently encrypting backup data--encryption-config-path
Hi @sibucan, I have addressed these problems, PTAL again, thanks. |
Hi @KevinWang15 ,
Can you fix this and you can also Locally test this by running |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also add a example for encryption-config file here: https://github.com/gardener/etcd-backup-restore/tree/master/example
Can we move this or if |
Okay, I will.
I think it is a good idea to make The reason I added |
49d555c
to
4dd7164
Compare
I have updated the code, PTAL again |
hmm ... make sense but what about this scenario:
Doubt 1: How it gonna distinguish between encrypted snapshot(which needs decryption while restoration) and non-encrypted snapsho(no need of decryption) to restore the etcd. |
@ishan16696 Right, I guess changing encryption config on the fly isn't really practical. |
Its not only about enabling encryption on the fly but also it’s about backward compatibility. To solve this issue of backward compatibility I would suggest to use a
and using this |
we also used the similar technique of appending a suffix in our compression implementation . check here |
@ishan16696 I can see how there's value in appending a suffix to the snapshot to indicate whether it's encrypted or not, since it provides a path to restoration when you have e.g. some encrypted incremental snapshots over an unencrypted full snapshot, which is an expected situation when you've recently turned on encryption and a restoration needs to happen. But I think we should keep in mind:
To summarize, I think your suggestions are required for the (common) use case of turning on encryption, but once encryption is enabled, it really should be the user's knowledge that turning off encryption or rotating the key will invariably cause certain snapshots to be unrecoverable. It is their responsibility to ensure that in those situations, they take a manual snapshot to ensure that they're able to restore after that change. Please let me know if any of this is wrong. |
My use case didn't involve rotating the key so I didn't think about it as much as you did. 😃 Anyway, let me know when you have decided how to do it. I will be happy to update the PR. |
hmm ... I'm against the need of manual intervention of take the snapshot. case 1: when
case 2: disabling the encryption on the fly.
WDYT? |
From our internal discussion we found out that there could be many edge cases possible with this feature : |
Yes, I agree. Take your time, there's no hurry merging this PR |
@ishan16696 with case 2 here, are you suggesting that we have the |
@KevinWang15 You need rebase this pull request with latest master branch. Please check. |
Hi,
Thanks for this project, I find it very helpful.
In my use case, I share the storage with other users, so I'd like to have my backup data encrypted.
I added this feature and decided to open this PR in case you may find it useful.
What this PR does / why we need it:
This PR makes it possible to encrypt the backup data.
A user can now optionally specify a flag
--encryption-config-path
that points to a JSON file containingSnapstoreEncryptionConfig
( e.g.{ "key": "your-encryption-key" }
).Backups will be encrypted (with AES-GCM) according to the specs.
It is also possible to update the specs on the fly - just change the content of the JSON file.
Release note: