Add encryption/decryption logic #11110
Closed
lakshmimsft wants to merge 1 commit into radius-project:main from
Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
Closing this PR from fork. Created PR against radius repo: #11114
This PR introduces an encryption subsystem, providing the core encryption logic along with comprehensive tests. The main changes include the implementation of a ChaCha20-Poly1305-based encryption module, key provider interfaces and implementations (for both Kubernetes and in-memory usage), and thorough unit and integration tests to ensure reliability and correct behavior.
ref: design doc
Encryption functionality:
Encryptor type in encryption.go, providing methods for encrypting and decrypting data using ChaCha20-Poly1305 with support for associated data (AD) binding, and includes utility methods for key generation and encrypted data validation.
Key management:
KeyProvider interface and provides two implementations in keyprovider.go: KubernetesKeyProvider (retrieves keys from Kubernetes Secrets with configurable options) and InMemoryKeyProvider (for testing and development), along with error handling for key retrieval and validation.
Testing and validation:
keyprovider_test.go with comprehensive tests for both key provider implementations, covering success and error cases.
Type of change
Fixes: #11071
Contributor checklist
Please verify that the PR meets the following requirements, where applicable: