Additional ring encryption UX #485

Merged
merged 3 commits into from
May 5, 2016

fnichol
Collaborator

@fnichol fnichol commented May 5, 2016

This change set contains 3 more ways to work with Ring keys when starting a Supervisor or a group of Supervisors. There are 2 new environment variables that the Supervisor honors which have a Container-driven workflow in mind, and a new pair of Ring key import/export commands on the hab CLI which are focused towards server/vm workflows. All additional functionality attempts to make working with Ring keys more simple. This is the sad part about any cryptography or encryption: you cannot eliminate the key distribution problem.

[sup] Honor HAB_RING for start subcommand.

This change introduces an optional way to set the Ring name when a
Supervisor starts via setting a `HAB_RING` environment variable. The
environment variable will always be overridden if the user uses an
explicit `--ring` option on start, meaning that a CLI argument is always
first priority and environment variable is secondary.

Current explicit behavior:

    hab-sup start --ring possums core/redis

New, alternative use with an environment variable:

    env HAB_RING=possums hab-sup start core/redis

[sup] Honor HAB_RING_KEY containing key's content for start subcommand.

This change introduces a way to inject a Ring key to a Supervisor when
it starts via setting a new `HAB_RING_KEY` environment variable. Whereas
the previous `HAB_RING` environment variable contains the name of the
key (which is supposed to already exist on disk locally in the key
cache), the `HAB_RING_KEY` contains the contents of a key file itself.
This allows an operator to start a brand new Supervisor with the
following:

    env HAB_RING_KEY='SYM-SEC-1
    beyonce-20160504220722
    RCFaO84j41GmrzWddxMdsXpGdn3iuIy7Mw3xYrjPLsE=' hab-sup start core/redis

or alternatively:

    cat <<EOF > /tmp/key
    SYM-SEC-1
    beyonce-20160504220722

    RCFaO84j41GmrzWddxMdsXpGdn3iuIy7Mw3xYrjPLsE=
    EOF
    env HAB_RING_KEY="$(cat /tmp/key)" hab-sup start core/redis

or, even:

    env HAB_RING_KEY="$(curl https://extreme.trust/key)" hab-sup start core/redis

As before, there is a priority order in which CLI options and
environment variables are checked when setting the ring key on start:

1. The `--ring` option on the command line wins over any other setting
2. A set `$HAB_RING_KEY` environment variable is used next
3. A set `$HAB_RING` environment variable is used last
4. The Supervisor will start in an unencrypted mode

[hab] Add ring key import & ring key export subcommands.

This change introduces two new subcommands which are intended to work
together to support a server-based workflow, where "server" may mean a
bare metal server, virtual machine, cloud instance, etc.

The first is a `hab ring key export` subcommand which outputs the latest
ring key's file contents to standard out. For example:

    hab ring key generate unicorns
    #=> Successfully generated ring key unicorns-20160505003452
    hab ring key export unicorns
    #=> SYM-SEC-1
    # unicorns-20160505003452
    #
    # 9vXIC0OQyfP2+MYakkhma9eU9oAM+xHPIkylFn4fXj4=

The flip side of this pairing is a `hab ring key import` subcommand
which consumes a standard input stream containing a ring key's file
contents, which it then writes to disk in the key cache with the correct
file name. Extending the example from above:

    cat <<EOF | hab ring key import
    SYM-SEC-1
    unicorns-20160505003452

    9vXIC0OQyfP2+MYakkhma9eU9oAM+xHPIkylFn4fXj4=
    EOF
    #=> Imported key unicorns-20160505003452

While this may not be terribly useful on a single system, pushing and
pulling ring keys across systems is now much easier with SSH pipes. For
example:

    # Push a ring key to another host
    hab ring key export unicorns | ssh node2 hab ring key import

    # Pull a ring key from another host
    ssh node2 hab ring key export unicorns | hab ring key import

    # Pull a ring key from another host and start a Supervisor
    # (double quotes so the shell runs the command substitution)
    env HAB_RING_KEY="$(ssh node1 hab ring key export unicorns)" hab-sup start core/redis
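
A pre-import check for the key content format described above, as an added example that is not part of the original pull request or of Habitat's code. `validate_ring_key` and `stage_ring_key` are hypothetical helper names, and the 14-digit revision and 32-byte key length are assumptions read off the sample keys on this page.

```sh
#!/bin/sh
# Added example, not Habitat code. Format taken from the key content shown above:
#   line 1: SYM-SEC-1, line 2: <name>-<revision>, then the base64 key.
# Assumptions: revision is a 14-digit timestamp; key is 32 bytes (44 base64 chars).

# validate_ring_key (hypothetical helper): reads key content on stdin,
# prints "<name>-<revision>" and returns 0 only if the content is well-formed.
# Error messages never echo the input, since it may be key material.
validate_ring_key() {
    content=$(cat)
    version=$(printf '%s\n' "$content" | sed -n '1p')
    name_rev=$(printf '%s\n' "$content" | sed -n '2p')
    # Everything after line 2 minus blank lines; the blank separator is
    # optional because the page shows the content both with and without it.
    key_b64=$(printf '%s\n' "$content" | sed -n '3,$p' | sed '/^[[:space:]]*$/d')

    [ "$version" = "SYM-SEC-1" ] || { echo "unsupported key version" >&2; return 1; }
    printf '%s\n' "$name_rev" | grep -Eq '^[A-Za-z0-9_-]+-[0-9]{14}$' ||
        { echo "malformed name-revision line" >&2; return 1; }
    [ "$(printf '%s\n' "$key_b64" | grep -c '')" = 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    printf '%s\n' "$key_b64" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
        { echo "key is not 32 bytes of base64" >&2; return 1; }
    printf '%s\n' "$name_rev"
}

# stage_ring_key (hypothetical helper): validates stdin, then writes it to a
# fresh owner-only file instead of a fixed path such as /tmp/key; prints the path.
stage_ring_key() {
    staged=$(cat)
    printf '%s\n' "$staged" | validate_ring_key >/dev/null || return 1
    (
        umask 077
        f=$(mktemp "${TMPDIR:-/tmp}/ringkey.XXXXXX") || exit 1
        printf '%s\n' "$staged" > "$f"
        printf '%s\n' "$f"
    )
}

# Sample content copied from the `hab ring key export` output above.
sample='SYM-SEC-1
unicorns-20160505003452

9vXIC0OQyfP2+MYakkhma9eU9oAM+xHPIkylFn4fXj4='
printf '%s\n' "$sample" | validate_ring_key   # prints unicorns-20160505003452

# Typical use (requires hab and ssh, so not run here):
#   path=$(ssh node2 hab ring key export unicorns | stage_ring_key) &&
#       hab ring key import < "$path" && rm -f "$path"
```

A value that fails this check, such as an empty string or an unexpanded `$(...)` literal, is rejected before it can reach `HAB_RING_KEY` or the key cache.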

fnichol added 3 commits May 4, 2016 18:49
Signed-off-by: Fletcher Nichol <[email protected]>
@thesentinels
Contributor

By analyzing the blame information on this pull request, we identified @metadave, @reset and @adamhjk to be potential reviewers

@fnichol
Collaborator Author

fnichol commented May 5, 2016


Some(val) => {
if val != SECRET_SYM_KEY_VERSION {
return Err(Error::CryptoError(format!("Unsupported key version: {}", val)));
}
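Review bot: the `Unsupported key version` branch interpolates `val` into the error string unmodified, and `val` is whatever was parsed where the version field should be. If the supplied content is malformed so that key material lands in that position, this error (and any log that records it) would carry part of a secret key. Consider reporting only that the version is unsupported together with the expected `SECRET_SYM_KEY_VERSION`, or a truncated and escaped form of `val`.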
Contributor

should there be a ; after } here?

Collaborator

Only if you are binding something with let. Just a boolean test doesn't need to have a ; after the }

@bookshelfdave
Contributor

fantastic 👏, the tests look great, I can't wait to use this for testing the other pieces of crypto.


@reset
Collaborator

reset commented May 5, 2016


@thesentinels r+

@thesentinels
Contributor

📌 Commit bdeda50 has been approved by reset

@thesentinels
Contributor

⌛ Testing commit bdeda50 with merge a8d4862...

thesentinels pushed a commit that referenced this pull request May 5, 2016
Pull request: #485
Approved by: reset
thesentinels pushed a commit that referenced this pull request May 5, 2016
thesentinels pushed a commit that referenced this pull request May 5, 2016
@thesentinels
Contributor

☀️ Test successful - travis

@thesentinels thesentinels merged commit bdeda50 into master May 5, 2016
@reset reset deleted the fnichol/ring-key-ux branch May 5, 2016 21:43
jtimberman pushed a commit that referenced this pull request Jun 12, 2016
jtimberman pushed a commit that referenced this pull request Jun 12, 2016
jtimberman pushed a commit that referenced this pull request Jun 12, 2016
raskchanky pushed a commit that referenced this pull request Apr 16, 2019
raskchanky pushed a commit that referenced this pull request Apr 16, 2019