[KMSv2] Use status key ID to determine staleness of encrypted data #111922
Comments
Hi @enj! Release Bug Triage Shadow here - I just wanted to see if this is still on track for the 1.26 release? It looks like you have made lots of progress!
@cailynse yup I am hoping to have this sorted before KubeCon :)
Hey! @enj - checking in again to see if there are any updates
@cailynse I am going to push this out to next release because the associated refactors took a long time to merge and some are still in-flight for v1.26. /milestone v1.27
@enj: The provided milestone is not valid for this repository. Milestones in this repository: [ Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Today you need multiple encryption providers to communicate to the API server if data stored in etcd is stale (i.e. the KMS v1beta1 API has no way to communicate staleness). The KMS v2 API includes a key ID in the status API to allow for such a check to be performed. We need to wire the knowledge of the current key ID into the envelope encryption code.
xref: #111126 (comment)
/assign
/milestone v1.26
/sig auth
/triage accepted
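The staleness check the issue text describes, as an added example that is not code from this issue or from Kubernetes: a cache keeps the key ID from the last healthy status poll, and each stored envelope is compared against it. The types `statusResponse`, `envelope` and `keyIDCache`, the `"ok"` health value and the `key-1`/`key-2` IDs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync/atomic"
)

// statusResponse is a hypothetical stand-in for what the KMS plugin's status call returns.
type statusResponse struct{ Healthz, KeyID string }

// envelope is a hypothetical stored record; KeyID names the key that wrapped the DEK at write time.
type envelope struct {
	KeyID      string
	WrappedDEK []byte
}

// keyIDCache holds the key ID from the last healthy status poll.
type keyIDCache struct{ v atomic.Value }

// Observe records a poll result; failed, unhealthy or empty responses keep the previous value.
func (c *keyIDCache) Observe(r statusResponse, err error) {
	if err == nil && r.Healthz == "ok" && r.KeyID != "" {
		c.v.Store(r.KeyID)
	}
}

// Current returns the cached key ID, or "" if no healthy poll has been seen.
func (c *keyIDCache) Current() string { s, _ := c.v.Load().(string); return s }

var errNoKeyID = errors.New("stored envelope carries no key ID")

// isStale reports whether env was written under a key other than the current one.
func isStale(env envelope, c *keyIDCache) (bool, error) {
	if env.KeyID == "" {
		return false, errNoKeyID // malformed record: surface an error rather than guess
	}
	cur := c.Current()
	if cur == "" {
		return false, nil // no healthy status seen yet: do not trigger rewrites
	}
	return env.KeyID != cur, nil
}

func main() {
	c := &keyIDCache{}
	c.Observe(statusResponse{Healthz: "ok", KeyID: "key-2"}, nil) // constructed sample values
	stale, err := isStale(envelope{KeyID: "key-1"}, c)
	fmt.Println(stale, err)
}
```

Keeping the previous key ID when a poll fails means a plugin outage does not mark every object as stale at once.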