Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-20 07:25:51 -04:00
Code Issues Packages Projects Releases Wiki Activity

use suffix for emergency ssh DEK key

Browse Source
This commit is contained in:
miampf 2025-01-09 12:18:47 +01:00
parent 2a7408bc16
commit 9363206662
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cli/internal/cmd/ssh.go
View File

@ -72,7 +72,7 @@ func runSSH(cmd *cobra.Command, _ []string) error {
if err != nil {
return fmt.Errorf("Failed to set up key management service: %s", err)
}
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix, 256)
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, 256)
if err != nil {
return fmt.Errorf("Failed to retrieve key from key management service: %s", err)
}

2
internal/constants/constants.go
View File

@ -42,6 +42,8 @@ const (
DefaultWorkerGroupName = "worker_default"
// CLIDebugLogFile is the name of the debug log file for constellation init/constellation apply.
CLIDebugLogFile = "constellation-debug.log"
// SSHCAKeySuffix is the suffix used together with the DEKPrefix to derive an SSH CA key for emergency ssh access.
SSHCAKeySuffix = "ca_emergency_ssh"
//
// Ports.