Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sops: various improvements and tests #607

Merged
merged 15 commits into from
Apr 5, 2022
Merged

sops: various improvements and tests #607

merged 15 commits into from
Apr 5, 2022

Conversation

hiddeco
Copy link
Member

@hiddeco hiddeco commented Mar 30, 2022

This PR revises the SOPS keysource implementations, removes dead code, and adds tests.

@pjbgf pjbgf added this to the GA milestone Mar 31, 2022
@hiddeco hiddeco force-pushed the sops-keyservice-imprv branch 19 times, most recently from 563d732 to 61c2761 Compare April 4, 2022 14:51
@hiddeco hiddeco added the area/sops SOPS related issues and pull requests label Apr 4, 2022
@hiddeco hiddeco force-pushed the sops-keyservice-imprv branch 6 times, most recently from 14c5a6b to 2b71a70 Compare April 4, 2022 19:33
These bits of code have a history of accidents around the fallback
behavior. By simplifying it, the fallback should generally always work,
unless you put in instructions to take another route.

Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures data used for decryption is not exposed widely after
constructing the Server, and prevents a bypass to the default server
fallback.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This ensures we signal early that we will be unable to fulfill the
request, instead of letting the underlying keysource implementation
run into mayhem. Which can be problematic for e.g. PGP, which has
assumptions about things being located relative to the given home
directory, resulting in possible unexpected behavior if an empty path
is given.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This revises the PGP keysource implementation, removing bits of code
that were not actually in use, or not viable in combination with how we
work with keys. In short:

- crypto/openpgp implementation has been removed. As it is unable to read
  the keystore created by newer versions of GnuPG. Given we import user
  provided keys _with_ GnuPG, this was basically dead code.
- All capabilities around fetching public keys from a server have been
  removed.
- "Jailing" of GnuPG shell-out is now handled in `gpgExec`, in addition,
  arguments for encrypt and decrypt execs have been revised to ensure
  they e.g. do not instruct to use the agent.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new GnuPGHome type which can be used to create a new
contained GnuPG home directory. The type is self-validating, ensuring
it adheres to e.g. permission rules set out by GnuPG, and allows for
importing keys from armored bytes and files.

Because of this introduction, the decryptor service no longer has to
write data from a Secret to a temporary file, but is instead able to
directly import them into the keyring from the Secret entry's bytes.

Signed-off-by: Hidde Beydals <hello@hidde.co>
@hiddeco hiddeco marked this pull request as ready for review April 4, 2022 22:06
This adds a new ParsedIdentities type which can be used to parse a set
of age identities just once, instead of parsing them for every Decrypt
request.

Signed-off-by: Hidde Beydals <hello@hidde.co>
This adds a new Token type which can be used to configure an
azcore.TokenCredential on a master key. Due to this introduction, the
server only has to go through the AADConfig once.

Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Signed-off-by: Hidde Beydals <hello@hidde.co>
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hiddeco 🔝🔝 stuff!

LGTM

@stefanprodan stefanprodan mentioned this pull request Apr 5, 2022
Signed-off-by: Hidde Beydals <hello@hidde.co>
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @hiddeco 🥇

@hiddeco hiddeco merged commit cbd02ea into main Apr 5, 2022
@hiddeco hiddeco deleted the sops-keyservice-imprv branch April 5, 2022 11:20
@stefanprodan stefanprodan modified the milestones: GA, Bootstrap GA Jul 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/sops SOPS related issues and pull requests
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants