Skip to content

Master Root Key rotation for K8S secret backend#1071

Merged
baum merged 1 commit intonoobaa:masterfrom
baum:keyrotate
May 2, 2023
Merged

Master Root Key rotation for K8S secret backend#1071
baum merged 1 commit intonoobaa:masterfrom
baum:keyrotate

Conversation

@baum
Copy link
Contributor

@baum baum commented Mar 13, 2023
edited
Loading

KMS - Key Rotate

This is the interface for sharing keys between the NooBaa operator and the NooBaa core, endpoint pods for the Master Root Key rotation feature. The Root key rotate - core side #7218

Sample rotating Master Root Key secret

The secret will contain a list of keys and the pointer to the current key.

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: noobaa-root-master-key-volume
  namespace: default
data:
  active_root_key: a2V5LTE2Nzg4MjYyMzE1Mjk3ODk0Mzc=
  key-1678826231529789437: cTJ1SG5pbXJYeHViVTJTUVkwZmZ6eWVhMFNQSHAwLzNUMS9Wbi9vcGNPVT0=

NooBaa core, endpoint pods view

The keys secret volume is mounted into the core, endpoint pods as a volume,
under /etc/noobaa-server/root_keys directory

Pod shell view,

bash-4.4$ cd /etc/noobaa-server/root_keys
bash-4.4$ ls -l
total 0
lrwxrwxrwx 1 root root 22 Mar 14 20:37 active_root_key -> ..data/active_root_key
lrwxrwxrwx 1 root root 30 Mar 14 20:37 key-1678826231529789437 -> ..data/key-1678826231529789437
bash-4.4$ for f in *; do echo "$f -> $(cat $f)"; done
active_root_key -> key-1678826231529789437
key-1678826231529789437 -> q2uHnimrXxubU2SQY0ffzyea0SPHp0/3T1/Vn/opcOU=

@baum baum force-pushed the keyrotate branch 16 times, most recently from 4dab669 to 3499516 Compare March 14, 2023 18:48
@baum baum force-pushed the keyrotate branch 2 times, most recently from 611d309 to 50d3258 Compare March 14, 2023 20:27
@baum baum force-pushed the keyrotate branch 5 times, most recently from 4723312 to 5f8a8f6 Compare March 14, 2023 22:28
@baum baum force-pushed the keyrotate branch 7 times, most recently from 7e0de3d to 07a6d4b Compare March 29, 2023 17:13
dannyzaken
dannyzaken previously requested changes Apr 2, 2023
View reviewed changes
@nimrod-becker nimrod-becker removed the request for review from romayalon April 20, 2023 10:02
@baum baum force-pushed the keyrotate branch 2 times, most recently from 0b17bc9 to 0cceb83 Compare April 24, 2023 11:33
@baum baum force-pushed the keyrotate branch 13 times, most recently from 43b8218 to e663ff6 Compare April 27, 2023 12:01
@jackyalbo
Master Root Key rotation for K8S secret backend
4a9a954 
Co-authored-by: jackyalbo <jalbo@redhat.com>
Signed-off-by: Alexander Indenbaum <aindenba@redhat.com>
@iPraveenParihar iPraveenParihar mentioned this pull request Oct 16, 2024
Merged
@Neon-White Neon-White mentioned this pull request Apr 2, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shirady shirady shirady left review comments

@jackyalbo jackyalbo jackyalbo approved these changes

@dannyzaken dannyzaken dannyzaken left review comments

Assignees

No one assigned

Labels

size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@baum @dannyzaken @jackyalbo @shirady