Config-encryption

This crate contains the flow-config-encryption binary, which is an http service that encrypts Flow endpoint configuration documents.

Dependencies:

The sops executable must be on the PATH, both at runtime, and for cargo test to pass.
You must first set APPLICATION_DEFAULT_CREDENTIALS. This service account must have access to the GCP KMS key that's passed in the arguments. See GCP ADC docs for more information.

Run like flow-config-encryption --gcp-kms your/fully/qualified/key/name to start the server listening (port 8765 by default). See the --help for more. Given a request with a payload like:

{
  "schema": {
    "type": "object",
    "properties": {
      "supa_secret": {
        "type": "string",
        "secret": true
      },
      "not_secret": {
        "type": "string"
      }
    }
  },
  "config": {
    "not_secret": "remain plain",
    "supa_secret": "encrypt me"
  }
}

You'd get an encrypted document in return where the entry for supa_secret gets changed to "supa_secret_sops": "ENC[...]", and the entry for not_secret remains unchanged.

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.github/workflows		.github/workflows
src		src
testdata		testdata
.dockerignore		.dockerignore
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
fetch-sops.sh		fetch-sops.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Config-encryption

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 3

Uh oh!

Languages

License

estuary/config-encryption

Folders and files

Latest commit

History

Repository files navigation

Config-encryption

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 3

Uh oh!

Languages

Packages