I want to have a per client namespace and storage in my kubernetes environment where a dedicated instance of app runs per client and only client should be able to encrypt/decrypt the storage being used by that particular client's app. I have seen hundreds of examples on secrets encryption in kubernetes environment but struggling to achieve actual storage encryption that is controlled by the client. is it possible to have a storage encryption in K8s environment where only client has the knowledge of encryption keys (and not the k8s admin) ?
1
There are 1 best solutions below
Related Questions in ENCRYPTION
- Is it possible to get a list of all the pages where I authenticated with my Google OpenID
- integrate login to my sites with OpenId or OAuth
- Use Bearer Token Authentication for API and OpenId authentication for MVC on the same application project
- PHP - Steam API Web Connect OpenID --> No redirect
- Identity Server OAuth Resource Owner Password Grant always returns invalid_client
- Validate an Access Token at the Resource Server and Respond Accordingly
- owin: Catch SecurityTokenExpiredException exception
- What exactly will happen to Google OpenId Connect to OpenID 2.0 mapping on Jan 1, 2017?
- Implementing Steam OpenID for iOS
- OAuth vs OpenID: confused about when to use one of these and why
Related Questions in KUBERNETES
- Is it possible to get a list of all the pages where I authenticated with my Google OpenID
- integrate login to my sites with OpenId or OAuth
- Use Bearer Token Authentication for API and OpenId authentication for MVC on the same application project
- PHP - Steam API Web Connect OpenID --> No redirect
- Identity Server OAuth Resource Owner Password Grant always returns invalid_client
- Validate an Access Token at the Resource Server and Respond Accordingly
- owin: Catch SecurityTokenExpiredException exception
- What exactly will happen to Google OpenId Connect to OpenID 2.0 mapping on Jan 1, 2017?
- Implementing Steam OpenID for iOS
- OAuth vs OpenID: confused about when to use one of these and why
Related Questions in KUBERNETES-SECURITY
- Is it possible to get a list of all the pages where I authenticated with my Google OpenID
- integrate login to my sites with OpenId or OAuth
- Use Bearer Token Authentication for API and OpenId authentication for MVC on the same application project
- PHP - Steam API Web Connect OpenID --> No redirect
- Identity Server OAuth Resource Owner Password Grant always returns invalid_client
- Validate an Access Token at the Resource Server and Respond Accordingly
- owin: Catch SecurityTokenExpiredException exception
- What exactly will happen to Google OpenId Connect to OpenID 2.0 mapping on Jan 1, 2017?
- Implementing Steam OpenID for iOS
- OAuth vs OpenID: confused about when to use one of these and why
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The only thing that comes to my mind as suggested already in the comment is hashicorp vault.
Some of the features that you might to check out:
You can access all of its features programatically due to HTTP API. In addition, there are several officially supported libraries for programming languages (Go and Ruby). These libraries make the interaction with the Vault’s API even more convenient. There is also a command-line interface available.
Vault is capable of encrypting/decrypting data without storing it. The main implication from this is if an intrusion occurs, the hacker will not have access to real secrets even if the attack is successful.
Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up. This means that the secret does not exist until it is read.
Vault supports authentication using tokens, which is convenient and secure.
Vault can also be customized and connected to various plugins to extend its functionality. This all can be controlled from web graphical interface.