[Feature] Support BYOK for deployments #827

Open
frasdav opened this issue Jul 8, 2024 · 1 comment
frasdav commented Jul 8, 2024

Overview

Add support for setting a customer-managed encryption key as part of the ec_deployment resource.

The POST /api/v1/deployments API accepts this currently as settings.byok.key_resource_path:

{
  "resources": {
    # Omitted for brevity
  },
  "settings": {
    "autoscaling_enabled": false,
    "byok": {
      "key_resource_path": "arn:some:key"
    }
  },
  "name": "My deployment",
  "metadata": {
    "system_owned": false
  }
}

Possible Implementation

Testing

Context

Workaround to create a deployment with a customer-managed encryption key without this feature is messy.

3 distinct TF deployments:

  1. Deploys KMS key and policy, one off
  2. Execs null resource to run curl against EC API to deploy a minimal cluster with CMK in right region, outputs cluster ID, must only be run once
  3. Takes an optional cluster ID, if passed it imports the cluster and resets elastic PW, then mushes it into the shape of TF config and takes over going forward

End result is what looks like a normal TF deployed cluster but with CMK enabled.

Your Environment

N/A
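
Step 2 of the workaround above needs the CMK "in right region" before the body is posted. As an added example (not part of the issue and not the provider's code), this Python pre-flight check sets settings.byok.key_resource_path on a request body and rejects a key whose region differs from the deployment's. The AWS KMS ARN shape, the per-resource "region" field, the "aws-" prefix handling and all sample values are assumptions.

```python
import copy
import re

# AWS KMS key ARN shape: arn:<partition>:kms:<region>:<account-id>:key/<key-id>
_KMS_KEY_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:([a-z0-9-]+):\d{12}:key/[0-9A-Za-z-]+$"
)


def _norm_region(region):
    # Assumption: some deployment region names carry an "aws-" prefix.
    return region[4:] if region.startswith("aws-") else region


def with_byok(payload, key_resource_path):
    """Return a copy of a deployment request body with settings.byok set.

    Raises ValueError if the key is not a KMS key ARN or if its region
    differs from any region named under "resources".
    """
    match = _KMS_KEY_ARN.match(key_resource_path)
    if match is None:
        raise ValueError("not an AWS KMS key ARN: %r" % key_resource_path)
    key_region = match.group(2)

    # Assumption: each entry under resources.<kind>[] names its region in "region".
    regions = {
        _norm_region(item["region"])
        for items in payload.get("resources", {}).values()
        for item in items
        if "region" in item
    }
    if not regions:
        raise ValueError("payload names no region to check the key against")
    if regions != {key_region}:
        raise ValueError("key region %s != deployment region(s) %s"
                         % (key_region, sorted(regions)))

    body = copy.deepcopy(payload)  # leave the caller's payload untouched
    body.setdefault("settings", {})["byok"] = {"key_resource_path": key_resource_path}
    return body


# Constructed sample input; account id and key id are placeholders.
SAMPLE_KEY = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000000"
SAMPLE_PAYLOAD = {
    "name": "My deployment",
    "resources": {"elasticsearch": [{"region": "eu-west-1", "ref_id": "main"}]},
    "settings": {"autoscaling_enabled": False},
}
```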

@frasdav frasdav added the enhancement New feature or request label Jul 8, 2024
@seam-ctooley

+1 this is a real pain for my team

@Kushmaro Kushmaro changed the title Add support for setting customer-managed encryption key as part of the ec_deployment resource [Feature] Support BYOK for deployments Sep 27, 2024
@Kushmaro Kushmaro added this to the 0.13.0 milestone Sep 27, 2024