ocicrypt for KMS and TPM

not an issue but thought i'd add it here incase anyone is interested.

a  bit ago if fiddled with ocicrypt key providers and came up with basic (alpha quality, charitably) ways to support ocicrypt with KMS (GCP for now) and TPM 


* https://github.com/salrashid123/ocicrypt-kms-keyprovider

   allows you to encrypt a layer with GCP KMS 


* https://github.com/salrashid123/ocicrypt-tpm-keyprovider
   
   allows you to encrypt an image remotely with a TPM's endorsement publicc key (EKPub).  image is encrypted in such a way that it can only get decrypted on *that* tpm that owns the EK.  You can also encrypt it remotely such that the target machine is in a specific state (as described by PCR values)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ocicrypt for KMS and TPM #102

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ocicrypt for KMS and TPM #102

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions