feat: Added support for encrypting the database and bucket with CMK #100

Merged: 44 commits, Jul 23, 2024

amanpruthi
Collaborator

…naged key

@amanpruthi amanpruthi requested a review from gls4 as a code owner February 21, 2024 12:00
@amanpruthi amanpruthi requested a review from a team February 21, 2024 12:00
@amanpruthi amanpruthi requested a review from a team as a code owner February 21, 2024 12:00
@amanpruthi amanpruthi changed the title Added support for encrypting the database and bucket with CMK feat: Added support for encrypting the database and bucket with CMK Feb 23, 2024
@gls4

This comment was marked as resolved.

@gls4
Contributor

gls4 commented Mar 5, 2024

When applying these changes against an instance built using the main branch, I get the errors below. Once these are fixed, I can move to testing.

╷
│ Error: Duplicate local value definition
│ 
│   on ../../main.tf line 35, in locals:
│   35:   deployment_size = {
│   36:     small = {
│   37:       db            = "db-n1-highmem-2",
│   38:       node_count    = 2,
│   39:       node_instance = "n2-highmem-4"
│   40:       cache         = "Standard 6 GB"
│   41:     },
│   42:     medium = {
│   43:       db            = "db-n1-highmem-4",
│   44:       node_count    = 2,
│   45:       node_instance = "n2-highmem-4"
│   46:       cache         = "Standard 6 GB"
│   47:     },
│   48:     large = {
│   49:       db            = "db-n1-highmem-8",
│   50:       node_count    = 2,
│   51:       node_instance = "n2-highmem-8"
│   52:       cache         = "Standard 13 GB"
│   53:     },
│   54:     xlarge = {
│   55:       db            = "db-n1-highmem-16",
│   56:       node_count    = 3,
│   57:       node_instance = "n2-highmem-8"
│   58:       cache         = "Standard 13 GB"
│   59:     },
│   60:     xxlarge = {
│   61:       db            = "db-n1-highmem-32",
│   62:       node_count    = 3,
│   63:       node_instance = "n2-highmem-16"
│   64:       cache         = "Standard 26 GB"
│   65:     }
│   66:   }
│ 
│ A local value named "deployment_size" was already defined at ../../deployment-size.tf:3,3-34,4. Local value names must be unique within a module.
╵

@amanpruthi amanpruthi enabled auto-merge (squash) June 24, 2024 09:59
@amanpruthi amanpruthi disabled auto-merge June 24, 2024 10:00
@zacharyblasczyk
Contributor

Summary of Scenarios:

  1. Use Default Keys:
    • bucket_default_encryption true: kms_default_bucket is created and used.
    • sql_default_encryption true: kms_default_sql is created and used.

  2. Use Custom-Provided Keys:
    • bucket_kms_key_id provided: Used unless bucket_default_encryption is true.
    • db_kms_key_id provided: Used unless sql_default_encryption is true.

  3. No Encryption or Internal Queue:
    • use_internal_queue true: effective_crypto_key is null and kms module is not created.
    • If false and db_kms_key_id is null: Use module.kms[0].crypto_key.

@zacharyblasczyk zacharyblasczyk merged commit 7802e3c into main Jul 23, 2024
6 checks passed
@zacharyblasczyk zacharyblasczyk deleted the aman/issue-96 branch July 23, 2024 15:02
jsbroks pushed a commit that referenced this pull request Jul 23, 2024
## [5.1.0](v5.0.1...v5.1.0) (2024-07-23)

### Features

* Added support for encrypting the database and bucket with CMK ([#100](#100)) ([7802e3c](7802e3c))
@jsbroks
Member

jsbroks commented Jul 23, 2024

This PR is included in version 5.1.0 🎉

Development

Successfully merging this pull request may close these issues.

Add support for encrypting the database and bucket with customer managed key