Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-26 08:45:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

use suffix for emergency ssh DEK key

Browse source
This commit is contained in:
miampf 2025-01-09 12:18:47 +01:00
parent 2a7408bc16
commit 9363206662
No known key found for this signature in database
GPG key ID: EF039364B5B6886C
2 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
cli/internal/cmd/ssh.go
View file

@ -72,7 +72,7 @@ func runSSH(cmd *cobra.Command, _ []string) error {
if err != nil { if err != nil {
return fmt.Errorf("Failed to set up key management service: %s", err) return fmt.Errorf("Failed to set up key management service: %s", err)
} }
key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix, 256) key, err := kms.GetDEK(cmd.Context(), crypto.DEKPrefix+constants.SSHCAKeySuffix, 256)
if err != nil { if err != nil {
return fmt.Errorf("Failed to retrieve key from key management service: %s", err) return fmt.Errorf("Failed to retrieve key from key management service: %s", err)
} }

2
internal/constants/constants.go
View file

@ -42,6 +42,8 @@ const (
DefaultWorkerGroupName = "worker_default" DefaultWorkerGroupName = "worker_default"
// CLIDebugLogFile is the name of the debug log file for constellation init/constellation apply. // CLIDebugLogFile is the name of the debug log file for constellation init/constellation apply.
CLIDebugLogFile = "constellation-debug.log" CLIDebugLogFile = "constellation-debug.log"
// SSHCAKeySuffix is the suffix used together with the DEKPrefix to derive an SSH CA key for emergency ssh access.
SSHCAKeySuffix = "ca_emergency_ssh"
// //
// Ports. // Ports.