Encrypt kcap #52
Labels
needs: config
Indicates the issue requires changes in the config file/flags
needs: docs
Indicates that the issue needs documentation updates
scope: kcap
Anything related to captures
Comments
rabbitstack
added
needs: docs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In stringent security environments, it might be desirable to encrypt all the capture data including processes, handles, and, of course, kernel events. For this purpose, the
kcapconfiguration section should get a couple of new attributes including the encryption algorithm (e.g. aes) and the actual encryption key. We should provide the ability to load the key from alternative sources, e.g. environment variables or vault stores. The encryption algorithm will get stored in the capture flags bitset that is part of the kcap header, so we can effectively compare the algorithm that was used to encrypt the kcap with the one that is specified in the configuration and bail out when they differ.References
https://golang.org/pkg/crypto/cipher/
https://golang.org/pkg/crypto/rsa/
https://github.com/hashicorp/vault/tree/master/api
The text was updated successfully, but these errors were encountered: