This project is mirrored from https://gitee.com/mirrors/nomad.git. Pull mirroring failed .
Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer.
  1. 30 Aug, 2022 1 commit
    • Tim Gross's avatar
      keyring: wrap root key in key encryption key (#14388) · b7fea76f
      Tim Gross authored
      Update the on-disk format for the root key so that it's wrapped with a unique
      per-key/per-server key encryption key. This is a bit of security theatre for the
      current implementation, but it uses `go-kms-wrapping` as the interface for
      wrapping the key. This provides a shim for future support of external KMS such
      as cloud provider APIs or Vault transit encryption.
      
      * Removes the JSON serialization extension we had on the `RootKey` struct; this
        struct is now only used for key replication and not for disk serialization, so
        we don't need this helper.
      
      * Creates a helper for generating cryptographically random slices of bytes that
        properly accounts for short reads from the source.
      
      * No observable functional changes outside of the on-disk format, so there are
        no test updates.
      b7fea76f
  2. 05 Jan, 2021 1 commit
  3. 29 Sep, 2017 1 commit