Support parseutil.ParsePath for sensitive values in wrapper configs #272
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Will subsequently update the go.mod deps to a tagged version of go-kms-wrapping/v2 |
|
Updated this to just be the main package level changes. Next step if approved/merged is to tag gkw, then update the wrappers to use it against a tagged dep. |
jefferai
approved these changes
Jan 21, 2025
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
…ashicorp#272) and Use ParsePaths to source sensitive wrapper config values from Env/File if desired (hashicorp#275) * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * rollback wrapper changes until we have a tagged top level package * Improve ParsePaths behavior in errors, and add a usage comment --- * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * update go.mods to point to a fixed tag for ParsePath * go mod tidy * pr feedback
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
…ashicorp#272) and Use ParsePaths to source sensitive wrapper config values from Env/File if desired (hashicorp#275) * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * rollback wrapper changes until we have a tagged top level package * Improve ParsePaths behavior in errors, and add a usage comment --- * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * update go.mods to point to a fixed tag for ParsePath * go mod tidy * pr feedback
cipherboy
pushed a commit
to cipherboy/go-kms-wrapping
that referenced
this pull request
Feb 9, 2025
…ashicorp#272) and Use ParsePaths to source sensitive wrapper config values from Env/File if desired (hashicorp#275) * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * rollback wrapper changes until we have a tagged top level package * Improve ParsePaths behavior in errors, and add a usage comment Original commit: a1337fd --- * Add support for stdlib ParsePath to sensitive options * wip * wire up QuietParsePath to all remaining wrappers * Add ParsePaths * wip new pattern * bug fixes * remove unused * unit test * mod tidy * remove unnecessary change * remove unnecessary change * Use the new parsepath options * add missing errnoturl check * Update to parsepath 0.1.9 * update go.mods to point to a fixed tag for ParsePath * go mod tidy * pr feedback Original commit: 9aac87b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Quite a few operators have asked for the ability to pull sensitive values into seal/managed key configs from separate files, feeling env vars or direct config isn't secure. ParsePath gives them the option to get values from a separate file while being non-invasive to existing configs.