Add CMK support for core resources #4149

Open
wants to merge 25 commits into
base: main

@yuvalyaron (Collaborator) commented Nov 19, 2024

Resolves #4142, #4143

What is being addressed

Added CMK support for Storage accounts and VM storage disks for core TRE resources.
Added the option to use an external Key Vault to store the CMKs.

Important: Note that there is still work to be done for completing #4002

How is this addressed

Users set enable_cmk_encryption: true in the config.yaml,
and either encryption_kv_name or external_key_store_id for the key vault.

github-actions bot commented Nov 19, 2024

Unit Test Results

0 tests   0 ✅  0s ⏱️
0 suites  0 💤
0 files    0 ❌

Results for commit c05f752.

♻️ This comment has been updated with latest results.

@yuvalyaron
Collaborator Author

/test-extended

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/11916800932 (with refid afeb06a0)

(in response to this comment from @yuvalyaron)

@yuvalyaron
Collaborator Author

/test-extended

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/11923480499 (with refid afeb06a0)

(in response to this comment from @yuvalyaron)

@yuvalyaron
Collaborator Author

/test-extended

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/11923684873 (with refid afeb06a0)

(in response to this comment from @yuvalyaron)

@yuvalyaron
Collaborator Author

/test-extended

🤖 pr-bot 🤖

🏃 Running extended tests: https://github.com/microsoft/AzureTRE/actions/runs/11930799088 (with refid afeb06a0)

(in response to this comment from @yuvalyaron)

@yuvalyaron enabled auto-merge (squash) November 20, 2024 13:07

key_type = "RSA"
key_size = 2048

key_opts = [
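
Review bot: `key_size = 2048` is hardcoded next to `key_type = "RSA"`; consider exposing the key size as a variable that defaults to 2048, so deployments whose key-length policy calls for 3072 or 4096 bits can raise it without editing the module. The `key_opts` list is cut off in this view, so it is also worth confirming that it grants only the operations the storage account and disk encryption paths actually use.
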
Contributor

nit: if the key is not used only for encryption / decryption, consider naming the module not cmk_encyption but a more generic name

Contributor

@guybartal guybartal left a comment

LGTM with a few comments

Successfully merging this pull request may close these issues.

CMK support for resources that support it in core (storage accounts, storage disks)