dmitsh/aks-wrap-key-demo

Demo: wrapped key in AKS with AKV

Use case

  • A user wraps (encrypts) a symmetric key with a public key
  • The wrapped key is stored in Azure Key Vault (AKV)
  • The user deploys an AKS cluster and provisions the corresponding private key in the container (to be implemented by SKR)
  • The wrapped key is mounted using the Azure Secrets Store CSI driver
  • The application flow within the container unwraps the symmetric key and decrypts the data
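
The flow above as a local round trip, added here as an illustration and not taken from the repository's scripts. It assumes OpenSSL, RSA-OAEP with SHA-256 for wrapping and AES-256-CBC for the data; the file names are hypothetical, and a temp file stands in for the AKV secret and its CSI mount.

```shell
#!/bin/sh
# Added example (not the repository's scripts): wrap/unwrap round trip with OpenSSL.
# Algorithms and file names are assumptions; all keys and data are constructed
# here and live only in a temp directory.
set -eu

gen_keypair() {   # $1 = private key out, $2 = public key out
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null
  openssl pkey -in "$1" -pubout -out "$2"
}

# User side: RSA-OAEP(SHA-256) encrypt the symmetric key; the base64 output is
# the value that would be stored as the Key Vault secret.
wrap_key() {      # $1 = public key, $2 = key file, $3 = wrapped (base64) out
  openssl pkeyutl -encrypt -pubin -inkey "$1" -in "$2" -out "$3.raw" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
  openssl base64 -A -in "$3.raw" -out "$3"
}

# Container side: decode the mounted secret and unwrap it with the private key.
unwrap_key() {    # $1 = private key, $2 = wrapped (base64) in, $3 = key file out
  openssl base64 -d -A -in "$2" -out "$2.raw"
  openssl pkeyutl -decrypt -inkey "$1" -in "$2.raw" -out "$3" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 2>/dev/null
}

# CBC is used because `openssl enc` has no AEAD modes; it adds no integrity check.
crypt_data() {    # $1 = -e|-d, $2 = key file (hex), $3 = IV (hex), $4 = in, $5 = out
  openssl enc "$1" -aes-256-cbc -K "$(cat "$2")" -iv "$3" -in "$4" -out "$5"
}

roundtrip() {     # prints the plaintext recovered on the container side
  d=$(mktemp -d)
  gen_keypair "$d/priv.pem" "$d/pub.pem"
  openssl rand -hex 32 > "$d/sym.key"          # 256-bit data key as hex text
  iv=$(openssl rand -hex 16)
  printf 'constructed sample record' > "$d/plain.txt"
  crypt_data -e "$d/sym.key" "$iv" "$d/plain.txt" "$d/data.enc"
  wrap_key "$d/pub.pem" "$d/sym.key" "$d/wrapped.b64"
  rm "$d/sym.key"                              # only the wrapped form is kept
  unwrap_key "$d/priv.pem" "$d/wrapped.b64" "$d/sym.out"
  crypt_data -d "$d/sym.out" "$iv" "$d/data.enc" "$d/plain.out"
  cat "$d/plain.out"
  rm -rf "$d"
}

roundtrip
```

Unwrapping with any private key other than the one matching the wrapping public key fails the OAEP check, so `unwrap_key` returns non-zero and no key file is usable.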

Prerequisites

  • Running docker engine
  • An Azure Service Principal
  • An AKV instance configured to allow access for the Service Principal

Demo

Initialize environment:

  • export service principal id and password (SP_ID, SP_PWD)
  • export tenant id (TENANT_ID)
  • export keyvault name (KV_NAME)
  • optionally, export resource group name (RGROUP), deployment location (LOC), and AKS cluster name (AKS)

export SP_ID=<service principal id>
export SP_PWD=<service principal password>
export TENANT_ID=<tenant id>
export KV_NAME=<keyvault name>

Create AKS cluster:

make create-cluster

Generate keys and encrypt data:

make create-keys

Deploy dependencies and user application:

make bootstrap-cluster

Run the test scenario:

make test

You should expect the following output:

$ make test
./scripts/demo.sh -t
Run test
Test passed

Clean up:

make delete-cluster
make clean
