SecureComms: Add support daemonConfig #2065
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
c04060f to
fb0eee2
Compare
fb0eee2 to
540bcff
Compare
|
/hold |
540bcff to
2a572ab
Compare
|
/unhold |
f464fe6 to
aadaddc
Compare
688ee74 to
88f14cd
Compare
|
cc: @bpradipt |
4dbf850 to
de4bd7c
Compare
8c7eb3c to
d9a4dac
Compare
fb72ef1 to
6fd8d61
Compare
|
@yoheiueda, @stevenhorsman, @bpradipt This PR adds the ability to configure SecureComms by auto-generating secrets, the same way it is done today by TLS. Since it is aligned with the existing TLS mechanisms and follow the same design and footsteps for the delivery of the secrets, I hope we can merge it without delay. @bpradipt has indicated that this PR aligns SecureComms with TLS such that all TLS use cases apparently are now also covered by SecureComms. This may lead to a further discussion about moving away from the less secure TLS option for maintainability (maybe best to do after we merge #2089). |
bpradipt
reviewed
Nov 15, 2024
bpradipt
reviewed
Nov 15, 2024
bpradipt
reviewed
Nov 15, 2024
6fd8d61 to
5224bc4
Compare
bpradipt
reviewed
Nov 21, 2024
24bbd2d to
1895a0b
Compare
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
bpradipt
reviewed
Nov 23, 2024
603b4b9 to
918fad4
Compare
10c6630 to
cf46204
Compare
|
@davidhadas - can you rebase this PR please to pick up the check links fix. Thanks! |
cf46204 to
1604f7b
Compare
Support configuring the APF Secure Comms from the CAA side including: - WN public Key - PP private key - Activating Secure Comms - inbouns and outbounds of th PP This is useful for activating Secure Comms from the CAA and without Trustee. It can be used for Testing without producing dedicated podvms which activate Secure Comms and set Inbounds/Outbounds by default. It can also be used for non-Coco peerpods. Signed-off-by: David Hadas <david.hadas@gmail.com>
1604f7b to
e513a0a
Compare
stevenhorsman
approved these changes
Nov 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See:
Support configuring the APF Secure Comms from the CAA side including:
This is useful for activating Secure Comms from the CAA and without Trustee. It can be used for Testing without producing dedicated podvms which activate Secure Comms and set Inbounds/Outbounds by default. It can also be used for non-Coco peerpods.