Affected by GO-2023-1622 and 2 other vulnerabilities

GO-2023-1622: Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation

GO-2024-2727: Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation

GO-2025-4076: Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation

setup

package

v2.5.2 Latest Latest Go to latest Published: Feb 16, 2023 License: AGPL-3.0 Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/constellation

Links

Open Source Insights

Documentation ¶

Overview ¶

Package setup provides functions to create a KMS and key store from a given URI.

This package does not provide any functionality to interact with the KMS or key store, but only to create them.

Adding support for a new KMS or storage backend requires adding a new URI for that backend, and implementing the corresponding get*Config function.

Index ¶

Constants
func KMS(ctx context.Context, storageURI, kmsURI string) (kms.CloudKMS, error)
type KMSInformation
type MasterSecret
- func (m *MasterSecret) EncodeToURI() string

Constants ¶

View Source

const (
	AWSKMSURI     = "kms://aws?keyPolicy=%s&kekID=%s"
	AzureKMSURI   = "kms://azure-kms?name=%s&type=%s&kekID=%s"
	AzureHSMURI   = "kms://azure-hsm?name=%s&kekID=%s"
	GCPKMSURI     = "kms://gcp?project=%s&location=%s&keyRing=%s&protectionLvl=%s&kekID=%s"
	ClusterKMSURI = "kms://cluster-kms?key=%s&salt=%s"
	AWSS3URI      = "storage://aws?bucket=%s"
	AzureBlobURI  = "storage://azure?container=%s&connectionString=%s"
	GCPStorageURI = "storage://gcp?projects=%s&bucket=%s"
	NoStoreURI    = "storage://no-store"
)

Well known endpoints for KMS services.

Variables ¶

This section is empty.

Functions ¶

func KMS ¶

func KMS(ctx context.Context, storageURI, kmsURI string) (kms.CloudKMS, error)

KMS creates a KMS and key store from the given parameters.

Types ¶

type KMSInformation ¶

type KMSInformation struct {
	KMSURI             string
	StorageURI         string
	KeyEncryptionKeyID string
}

KMSInformation about an existing KMS.

type MasterSecret ¶

type MasterSecret struct {
	Key  []byte `json:"key"`
	Salt []byte `json:"salt"`
}

MasterSecret holds the master key and salt for deriving keys.

func (*MasterSecret) EncodeToURI ¶

func (m *MasterSecret) EncodeToURI() string

EncodeToURI returns an URI encoding the master secret.

Source Files ¶

View all Source files

setup.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL