Encrypted parameter copying with fluxcd - disable authenticated encryption #1774
Comments
|
I personally don't think this should be supported, since this is reducing security. (Similar to #52.)
I don't know how flux/kustomize works, but I would suggest to instead of patching encrypted files together, to simply decrypt, combine the files, and then re-encrypt. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Usecase
We're trying to use sops as part of a FluxCD based gitops setup. In this setup, we're trying to mimic the behavior of helm chart values files, where the user doing the deployment of a new application only needs to fill out a Kubernetes Custom Resource we call customer questionnaire, and the data from there is copied into the various appropriate Deployments, Services, Configmaps, Secrets via the Flux kustomize controller. The customer questionnaire also asks for sensitive information pieces like initial passwords, so it needs to be encrypted before committing it to Git.
Problem statement
When the kustomize process inside FluxCD kustomize controller is trying to copy encrypted keys to other files, the decryption procedure fails because during encryption the yaml path of the key is provided as additional authenticated data to the AES cipher, and during decryption, the ciphertext is found in a different file under a different yaml path.
Note: The kustomize controller already uses the --ignore-mac parameter during decryption, so file level integrity checks are not causing an issue with parameter copying.
Solution proposal
Similarly to the
--mac-only-encryptedcommand during encryption, allow for an additional parameter during encryption along the lines of--no-path-enforcement, which would also be stored as part of the sops metadata. The flag would mean that the AES cipher doesn't get any addition authenticated data fed into it during encryption and decryption procedures.The text was updated successfully, but these errors were encountered: