Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Transparent Data Encryption(TDE) for PD #18262

Closed
scsldb opened this issue Jun 29, 2020 · 7 comments
Closed

Support Transparent Data Encryption(TDE) for PD #18262

scsldb opened this issue Jun 29, 2020 · 7 comments
Assignees
@yiwu-arbug
Labels
feature/accepted This feature request is accepted by product managers priority/P0 The issue has P0 priority. type/feature-request Categorizes issue or PR as related to a new feature.
Milestone
v5.0.0 ga

Comments

@scsldb
Copy link

scsldb commented Jun 29, 2020
edited by nolouch
Loading

Description

In TiDB 4.0 we introduce encryption-at-rest support to TiKV. However, it doesn’t provide full encryption-support to the whole TiDB cluster. This is because PD also store a small amount of user data. At the very least, PD store region boundaries in PD, which may contain user data when the keys are index keys. We propose to encrypt all key-values that stored in etcd cluster in PD, so we can have peace of mind without checking every time we store a new type of data in PD.

Category

Feature、Security

Design

- Docs

Value

Improve system security

Schedule

GanttStart: 2020-07-04
GanttDue: 2020-11-28
GanttProgress: 5%
@scsldb scsldb added type/feature-request Categorizes issue or PR as related to a new feature. priority/P0 The issue has P0 priority. labels Jun 29, 2020
@scsldb scsldb added this to the v5.0-alpha milestone Jun 29, 2020
@zz-jason zz-jason changed the title PD support TDE support transparent data encryption in PD Jul 2, 2020
@yiwu-arbug
Copy link

Design document: https://docs.google.com/document/d/19aAIY3GNc2wCoOzMK6EoKugWm8tJo8W4HqnYH6qCy1E/edit?usp=sharing

@zz-jason
Copy link
Member

zz-jason commented Jul 9, 2020

Screen Shot 2020-07-09 at 14 48 58

I moved it to "Requirement: Scheduled", we can go-ahead the developing progress.

@scsldb scsldb mentioned this issue Jul 10, 2020
Open
11 tasks
@zz-jason zz-jason changed the title support transparent data encryption in PD Support Transparent Data Encryption(TDE) for PD Jul 10, 2020
@scsldb scsldb modified the milestones: v5.0.0-alpha, v5.0.0-beta.1 Jul 15, 2020
@zz-jason zz-jason added the feature/accepted This feature request is accepted by product managers label Jul 29, 2020
@yiwu-arbug
Copy link

Design document: https://docs.google.com/document/d/19aAIY3GNc2wCoOzMK6EoKugWm8tJo8W4HqnYH6qCy1E/edit?usp=sharing

Design docs is updated:

  • Updated to only encryption region boundary keys
  • Updated to encryption also the region boundary keys stored in region storage (LevelDB)
  • Updated with more implementation details

Moving to development.

@yiwu-arbug
Copy link

Implementation ongoing, 20% progress.

@yiwu-arbug
Copy link

Implementation almost finished. Should be able to get a workable version and start sending out PR early next week.

@yiwu-arbug yiwu-arbug mentioned this issue Sep 9, 2020
Merged
yiwu-arbug pushed a commit to tikv/pd that referenced this issue Sep 16, 2020
Encrypt region boundary keys, Part 1 - helper functions (#2931)
0a15643 
Signed-off-by: Yi Wu <[email protected]>

<!--
Thank you for working on PD! Please read PD's [CONTRIBUTING](https://github.com/tikv/pd/blob/master/CONTRIBUTING.md) document **BEFORE** filing this PR.
PR Title Format:
1. pkg [, pkg2, pkg3]: what's changed
2. *: what's changed
-->

### What problem does this PR solve?

<!-- Add the issue link with a summary if it exists. -->
This is part 1 for adding TDE support to PD. pingcap/tidb#18262 It contains helper methods for encryption.

### What is changed and how it works?

This PR adds utility types and functions:
* encrypt/decrypt data using aes-ctr (for encrypting region boundary keys) and aes-gcm (for encrypting data encryption keys)
* helper methods to encrypt/decrypt region boundary keys in-place
* wrapper of master key, and helper method to read a master key (must be a 256 bit encryption key, stored as hex-string) from a local file

### Check List

<!-- Remove the items that are not applicable. -->

Tests

<!-- At least one of them must be included. -->

- Unit test

Related changes

- depends on pingcap/kvproto#666

### Release note

* No release note
@yiwu-arbug yiwu-arbug mentioned this issue Sep 16, 2020
Merged
@yiwu-arbug
Copy link

No much progress this week, but the second PR (2/4) is closed to merge.

@yiwu-arbug yiwu-arbug mentioned this issue Oct 12, 2020
Merged
@yiwu-arbug
Copy link

Sent the third PR (3/4) earlier the week. Awaiting review.

@yiwu-arbug yiwu-arbug mentioned this issue Nov 3, 2020
Merged
@jebter jebter modified the milestones: v5.0.0-beta.1, v5.0.0-rc Jan 7, 2021
@jebter jebter modified the milestones: v5.0.0-rc, v5.0.0 Jan 18, 2021
This was referenced Aug 12, 2021
Merged
Closed
@ti-chi-bot ti-chi-bot mentioned this issue Sep 10, 2021
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yiwu-arbug yiwu-arbug

Labels
feature/accepted This feature request is accepted by product managers priority/P0 The issue has P0 priority. type/feature-request Categorizes issue or PR as related to a new feature.
Projects
None yet
Milestone
v5.0.0 ga
Development

No branches or pull requests
4 participants
@yiwu-arbug @jebter @zz-jason @scsldb