-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ocicrypt for KMS and TPM #102
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
not an issue but thought i'd add it here incase anyone is interested.
a bit ago if fiddled with ocicrypt key providers and came up with basic (alpha quality, charitably) ways to support ocicrypt with KMS (GCP for now) and TPM
https:/salrashid123/ocicrypt-kms-keyprovider
allows you to encrypt a layer with GCP KMS
https:/salrashid123/ocicrypt-tpm-keyprovider
allows you to encrypt an image remotely with a TPM's endorsement publicc key (EKPub). image is encrypted in such a way that it can only get decrypted on that tpm that owns the EK. You can also encrypt it remotely such that the target machine is in a specific state (as described by PCR values)
The text was updated successfully, but these errors were encountered: