Skip to content

[RFE] KMS migration helper #105

New issue
New issue
Open
Open
[RFE] KMS migration helper#105
Assignees
mhmxscvlcromdalfcannischan
Labels
enhancementNew feature or request
@romdalf

Description

@romdalf
romdalf
opened on Jun 9, 2022

-->Is it linked to a user story? (use the "#" to tag the user story)

#50 - Result of Design meeting held on June 9th 2022 with @cvlc @mhmxs @vfiftyfive @rovandep

-->What do we want to build?

Trousseau to migrate from one KMS provider to another

-->Why do we want to build it?

Chaning KMS is not a common operation but if it happens it should done in a smooth and secure way.
As Trousseau is the broker between the k8s api manager and the KMS, it should help in replacing the secrets encrypted with the old KMS with the new KMS.

-->How do we want to design it?

#103 will provide the ability to run contiguous KMS provider plugin in sidecars
This will help to perform a replace transaction in a secure and transparent way.
A safe switch might need to be thought of to handle this migration with a human validation.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

Trousseau

Status

Todo

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions