Skip to content

Secret Store#210

Merged
mgattozzi merged 1 commit into
mainfrom
joeshaw/secret-store
Jan 20, 2023
Merged

Secret Store#210
mgattozzi merged 1 commit into
mainfrom
joeshaw/secret-store

Conversation

@joeshaw
Copy link
Copy Markdown
Member

@joeshaw joeshaw commented Dec 1, 2022
edited
Loading

This introduces types and hostcalls for the Secret Store, and implements
them in Viceroy, along with configuration to instantiate them.

In Compute@Edge, a Secret Store is an encrypted, read-only key-value
store for sensitive data. In Viceroy, however, it is a simple
unencrypted in-memory map defined in the fastly.toml file in a
manner similar to Object Stores.

At a high level, a Wasm application using the APIs would:

  1. Open a secret store by name
  2. Get a secret from the store by name
  3. Decrypt the secret by calling its plaintext method.

In Viceroy, Secret Stores are configured in the same way Object Stores
are:

[local_server]
  [local_server.secret_store]
    store_one = [{key = "first", data = "This is some secret data"}, {key = "second", path = "/path/to/secret.json"}]

    [[local_server.secret_store.store_two]]
      key = "first"
      data = "This is also some secret data"

    [[local_server.secret_store.store_two]]
      key = "second"
      path = "/path/to/other/secret.json"

@joeshaw joeshaw requested a review from cratelyn December 1, 2022 16:54
@joeshaw joeshaw mentioned this pull request Dec 1, 2022
Merged
awilliams-fastly added a commit to fastly/cli that referenced this pull request Dec 5, 2022
@awilliams-fastly
Add support for TOML secret_store section
42f328d 
Viceroy is being updated with support for a new `local_server.secret_store` configuration section.
This change adds support for this new section in the manifest.

Viceroy change:
fastly/Viceroy#210

Related change:
#717
awilliams-fastly added a commit to fastly/cli that referenced this pull request Dec 5, 2022
@awilliams-fastly
Add support for TOML secret_store section
419a843 
Viceroy is being updated with a new `local_server.secret_store` configuration section. Viceroy change:
fastly/Viceroy#210

This change adds support for the new Secret Store configuration section.

Related change:
#717
@awilliams-fastly awilliams-fastly mentioned this pull request Dec 5, 2022
Merged
awilliams-fastly added a commit to fastly/cli that referenced this pull request Dec 6, 2022
@awilliams-fastly
Add support for TOML secret_store section (#726)
be77d21 
Viceroy is being updated with a new `local_server.secret_store` configuration section. Viceroy change:
fastly/Viceroy#210

This change adds support for the new Secret Store configuration section.

Related change:
#717
@mgattozzi
Copy link
Copy Markdown
Contributor

mgattozzi commented Dec 8, 2022

Hey @joeshaw I took a look and this is amazingly well done. I do see it's trying to merge it into the acf/finish-streaming-bodies branch right now so we should probably hold off until that's merged and then set this PR to merge into main instead after that's in, otherwise I think these changes have solid comprehensive test coverage and they're passing so I think we should be okay.

@joeshaw
Copy link
Copy Markdown
Member Author

joeshaw commented Dec 8, 2022

@mgattozzi Sounds good! Yeah, I wasn't planning this land this until the other branch has landed. Once that branch is landed, this PR should automatically re-target main.

@awilliams-fastly
Copy link
Copy Markdown
Member

awilliams-fastly commented Dec 21, 2022

Adding a reminder for us to update https://developer.fastly.com/reference/compute/fastly-toml/#local-server

@acfoltzer acfoltzer force-pushed the acf/finish-streaming-bodies branch from d324cb9 to b642740 Compare January 18, 2023 18:08
@joeshaw joeshaw force-pushed the joeshaw/secret-store branch from 640fe10 to 17fdd6e Compare January 18, 2023 19:44
Base automatically changed from acf/finish-streaming-bodies to main January 18, 2023 22:42
@joeshaw joeshaw force-pushed the joeshaw/secret-store branch from 17fdd6e to 080f558 Compare January 18, 2023 22:47
@joeshaw
Copy link
Copy Markdown
Member Author

joeshaw commented Jan 18, 2023

@mgattozzi With #203 having been merged and the 0.9.1 Rust SDK having been tagged, this should be ready to merge.

@joeshaw
define and implement Secret Store ABI
b85d3d8 
This introduces types and hostcalls for the Secret Store, and implements
them in Viceroy, along with configuration to instantiate them.

In Compute@Edge, a Secret Store is an encrypted, read-only key-value
store for sensitive data.  In Viceroy, however, it is a simple
unencrypted in-memory map defined in the `fastly.toml` file in a
manner similar to Object Stores.

At a high level, a Wasm application using the APIs would:
1. Open a secret store by name
2. Get a secret from the store by name
3. Decrypt the secret by calling its `plaintext` method.

In Viceroy, Secret Stores are configured in the same way Object Stores
are:

```toml
[local_server]
  [local_server.secret_store]
    store_one = [{key = "first", data = "This is some secret data"}, {key = "second", path = "/path/to/secret.json"}]

    [[local_server.secret_store.store_two]]
      key = "first"
      data = "This is also some secret data"

    [[local_server.secret_store.store_two]]
      key = "second"
      path = "/path/to/other/secret.json"
```
@joeshaw joeshaw force-pushed the joeshaw/secret-store branch from 080f558 to b85d3d8 Compare January 19, 2023 21:46
@joeshaw
Copy link
Copy Markdown
Member Author

joeshaw commented Jan 19, 2023
edited
Loading

Rebased on main, which switched to Wasmtime 4.0.0 and required some tweaks (#217)

@mgattozzi mgattozzi self-requested a review January 20, 2023 15:53
mgattozzi
mgattozzi approved these changes Jan 20, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@mgattozzi mgattozzi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joeshaw thanks for rebasing things and getting it set to merge into main. I think this is ready to go!

@mgattozzi mgattozzi merged commit 05247c4 into main Jan 20, 2023
@mgattozzi mgattozzi deleted the joeshaw/secret-store branch January 20, 2023 16:00
@joeshaw joeshaw mentioned this pull request Jan 20, 2023
Merged
@fgsch fgsch mentioned this pull request May 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cratelyn cratelyn Awaiting requested review from cratelyn

1 more reviewer

@mgattozzi mgattozzi mgattozzi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joeshaw @mgattozzi @awilliams-fastly