Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More clarifications around sealing key renewal #356

Merged
merged 3 commits into from
Feb 18, 2020
Merged

More clarifications around sealing key renewal #356

merged 3 commits into from
Feb 18, 2020

Conversation

mkmik
Copy link
Collaborator

@mkmik mkmik commented Feb 18, 2020

No description provided.

@mkmik mkmik requested a review from atomatt February 18, 2020 11:47
mkmik
mkmik commented Feb 18, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
mkmik
mkmik commented Feb 18, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
mkmik
mkmik commented Feb 18, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
mkmik
mkmik commented Feb 18, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
@weslleycamilo
Copy link

Hi guys,

I've been reading the docs I found and got to this PR which is great to improve the documentation.

What about to include more details about a case of disaster of a K8s cluster 🤔

I've been testing the sealed secrets and I've considering use its key renewal but faced to some steps which I've doubts, some of them:

  • need to re-encrypt everything and I don't know a good way to do it to many secrets once it looks like I'll have to automate it to find all the secrets on kubernetes and re-encrypt it right ? or there is a flag ?

  • If I would like to create my own key and not renew it can I do that ? Would I have this flexibility ? I considered it after not know what to do in case I lose my whole cluster and don't have all the keys which was lost in the broken cluster. So if I have my own key it won't be a problem to encrypt, decrypt and launch a new cluster which can decrypt my sealedsecrets to the cluster from github whith Fluxcd.

@mkmik
Copy link
Collaborator Author

mkmik commented Feb 18, 2020

bors r+

bors bot added a commit that referenced this pull request Feb 18, 2020
@bors @mkmik
Merge #356
b50dbfb 
356: More clarifications around sealing key renewal r=mkmik a=mkmik



Co-authored-by: Marko Mikulicic <mkm@bitnami.com>
Co-authored-by: mkmik <mkmik@users.noreply.github.com>
@mkmik
Copy link
Collaborator Author

mkmik commented Feb 18, 2020

@weslleycamilo sure, disaster recovery is important and I'd surely like to improve the docs and/or the feature set to make disaster recovery more approachable.

Would you mind creating an issue for that; it's hard to have a good discussion in a non directly related PR that is about to be merged and thus closed.

@weslleycamilo
Copy link

sure @mkmik. Thank you for your feedback.

@bors
Copy link
Contributor

bors bot commented Feb 18, 2020

Build succeeded

@bors bors bot merged commit 7a5cbe8 into master Feb 18, 2020
@bors bors bot deleted the mkmik-patch-1 branch February 18, 2020 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@weslleycamilo weslleycamilo weslleycamilo approved these changes

@atomatt atomatt atomatt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mkmik @weslleycamilo @atomatt