paketo-buildpacks / encrypt-at-rest

A Cloud Native Buildpack that AES encrypts an application layer and then decrypts it at launch time

License: Apache License 2.0

Go 97.25% Shell 2.75%
cnb encrypt-at-rest all-applications utilities

encrypt-at-rest's Introduction

gcr.io/paketo-buildpacks/encrypt-at-rest

The Paketo Buildpack for Encrypt At Rest is a Cloud Native Buildpack that AES encrypts an application layer and then decrypts it at launch time.

Behavior

This buildpack will participate if any of the following conditions are met:

  • $BP_EAR_KEY is set to a hex-encoded AES key

The buildpack will do the following:

  • AES encrypts the contents of <APPLICATION_ROOT> using Cipher Feedback (CFB) mode and a randomly generated initialization vector (IV)
  • Removes the source code in <APPLICATION_ROOT>
  • Contributes a profile.d script that decrypts the application before launching
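
The scheme in the list above (hex-encoded key, AES in CFB mode, fresh random IV per encryption), as an added Go example that is not the buildpack's own code. The function names, the sample key and the IV-first output layout are assumptions of this example; the page does not say how the buildpack stores the IV.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// parseKey decodes a hex AES key (the $BP_EAR_KEY format); NewCipher rejects bad lengths.
func parseKey(hexKey string) (cipher.Block, error) {
	key, err := hex.DecodeString(hexKey)
	if err != nil {
		return nil, fmt.Errorf("key is not valid hex: %w", err)
	}
	return aes.NewCipher(key) // accepts only 16, 24 or 32 bytes
}

// encryptCFB returns IV || ciphertext (the IV-first layout is this example's assumption).
func encryptCFB(b cipher.Block, plaintext []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCFBEncrypter(b, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// decryptCFB reverses encryptCFB. CFB carries no authentication tag, so a
// wrong key or altered ciphertext yields garbage bytes, never an error.
func decryptCFB(b cipher.Block, data []byte) ([]byte, error) {
	if len(data) < aes.BlockSize {
		return nil, fmt.Errorf("input is %d bytes, shorter than the IV", len(data))
	}
	plaintext := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCFBDecrypter(b, data[:aes.BlockSize]).XORKeyStream(plaintext, data[aes.BlockSize:])
	return plaintext, nil
}

func main() {
	b, err := parseKey("000102030405060708090a0b0c0d0e0f") // constructed sample key
	if err != nil {
		panic(err)
	}
	ct, encErr := encryptCFB(b, []byte("constructed sample application file"))
	pt, decErr := decryptCFB(b, ct)
	fmt.Printf("%d ciphertext bytes -> %q (errors: %v, %v)\n", len(ct), pt, encErr, decErr)
}
```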

Configuration

Environment Variable   Description
$BP_EAR_KEY            Configure the AES key to use at build time.
$BPL_EAR_KEY           Configure the AES key to use at launch time.

License

This buildpack is released under version 2.0 of the Apache License.

encrypt-at-rest's People

Contributors

anthonydahanne, dependabot[bot], dmikusa, ekcasey, joshuatcasey, nebhale, paketo-bot, pivotal-david-osullivan, twoseat

encrypt-at-rest's Issues

buildpack currently fails with unable to create encrypt layer

What happened?

Using the Spring Gradle plugin to trigger a boot build image and enabling the encrypt at rest buildpack fails.
Not quite sure if I'm the one who configured it wrong, but an example would most definitely help.

  • What were you attempting to do?
    build an image

  • What did you expect to happen?
    successful build

  • What was the actual behavior? Please provide log output, if possible.

 > Pulling builder image 'docker.io/paketobuildpacks/builder:base' ..................................................
 > Pulled builder image 'paketobuildpacks/builder@sha256:01a1cd2e44148a5d6c1855519cf1825011af084467afa6e693b9c0c5ea33218b'
 > Pulling run image 'docker.io/paketobuildpacks/run:base-cnb' ..................................................
 > Pulled run image 'paketobuildpacks/run@sha256:c6e071ac324b948037be8f950199e765a6b9eccce4e0b74f83f38755d528f534'
 > Executing lifecycle version v0.11.4
 > Using build cache volume 'pack-cache-3db12ba7ead9.build'

 > Running creator
    [creator]     ===> DETECTING
    [creator]     7 of 18 buildpacks participating
    [creator]     paketo-buildpacks/ca-certificates       2.4.0
    [creator]     paketo-buildpacks/bellsoft-liberica     8.4.0
    [creator]     paketo-buildpacks/executable-jar        5.2.0
    [creator]     paketo-buildpacks/dist-zip              4.2.0
    [creator]     paketo-buildpacks/spring-boot           4.5.0
    [creator]     paketo-buildpacks/encrypt-at-rest       3.2.0
    [creator]     paketo-buildpacks/environment-variables 3.2.0
    [creator]     ===> ANALYZING
    [creator]     Restoring metadata for "paketo-buildpacks/ca-certificates:helper" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/bellsoft-liberica:helper" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/bellsoft-liberica:java-security-properties" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/bellsoft-liberica:jre" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/spring-boot:helper" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/spring-boot:spring-cloud-bindings" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/spring-boot:web-application-type" from app image
    [creator]     Restoring metadata for "paketo-buildpacks/environment-variables:environment-variables" from app image
    [creator]     ===> RESTORING
    [creator]     ===> BUILDING
    [creator]     
    [creator]     Paketo CA Certificates Buildpack 2.4.0
    [creator]       https://github.com/paketo-buildpacks/ca-certificates
    [creator]       Launch Helper: Reusing cached layer
    [creator]     
    [creator]     Paketo BellSoft Liberica Buildpack 8.4.0
    [creator]       https://github.com/paketo-buildpacks/bellsoft-liberica
    [creator]       Build Configuration:
    [creator]         $BP_JVM_TYPE                 JRE             the JVM type - JDK or JRE
    [creator]         $BP_JVM_VERSION              11.*            the Java version
    [creator]       Launch Configuration:
    [creator]         $BPL_HEAP_DUMP_PATH                          write heap dumps on error to this path
    [creator]         $BPL_JVM_HEAD_ROOM           0               the headroom in memory calculation
    [creator]         $BPL_JVM_LOADED_CLASS_COUNT  35% of classes  the number of loaded classes in memory calculation
    [creator]         $BPL_JVM_THREAD_COUNT        250             the number of threads in memory calculation
    [creator]         $JAVA_TOOL_OPTIONS                           the JVM launch flags
    [creator]       BellSoft Liberica JRE 11.0.12: Reusing cached layer
    [creator]       Launch Helper: Reusing cached layer
    [creator]       Java Security Properties: Reusing cached layer
    [creator]     
    [creator]     Paketo Executable JAR Buildpack 5.2.0
    [creator]       https://github.com/paketo-buildpacks/executable-jar
    [creator]       Class Path: Contributing to layer
    [creator]         Writing env/CLASSPATH.delim
    [creator]         Writing env/CLASSPATH.prepend
    [creator]       Process types:
    [creator]         executable-jar: java org.springframework.boot.loader.JarLauncher (direct)
    [creator]         task:           java org.springframework.boot.loader.JarLauncher (direct)
    [creator]         web:            java org.springframework.boot.loader.JarLauncher (direct)
    [creator]     
    [creator]     Paketo Spring Boot Buildpack 4.5.0
    [creator]       https://github.com/paketo-buildpacks/spring-boot
    [creator]       Creating slices from layers index
    [creator]         dependencies
    [creator]         spring-boot-loader
    [creator]         snapshot-dependencies
    [creator]         application
    [creator]       Launch Helper: Reusing cached layer
    [creator]       Spring Cloud Bindings 1.8.0: Reusing cached layer
    [creator]       Web Application Type: Reusing cached layer
    [creator]       4 application slices
    [creator]       Image labels:
    [creator]         org.opencontainers.image.title
    [creator]         org.opencontainers.image.version
    [creator]         org.springframework.boot.version
    [creator]     
    [creator]     Paketo Encrypt-at-Rest Buildpack 3.2.0
    [creator]       https://github.com/paketo-buildpacks/encrypt-at-rest
    [creator]     
    [creator]     Paketo Encrypt-at-Rest Buildpack 3.2.0
    [creator]       unable to create encrypt layer
    [creator]       unable to create file listing for /workspace
    [creator]       unable to create file listing
    [creator]       error walking path /workspace
    [creator]       unable to stat file /layers/paketo-buildpacks_spring-boot/spring-cloud-bindings/spring-cloud-bindings-1.8.0.jar
    [creator]       stat /layers/paketo-buildpacks_spring-boot/spring-cloud-bindings/spring-cloud-bindings-1.8.0.jar: no such file or directory
    [creator]     ERROR: failed to build: exit status 1

Build Configuration

bootBuildImage {
    builder = "paketobuildpacks/builder:base"
    environment = mapOf(
        "BP_JVM_VERSION" to "11.*",
        "BPE_SPRING_PROFILES_ACTIVE" to "prod", // Set active profile to 'prod' in image
        "BP_EAR_KEY" to "61626364656667683132333435363738",
        "BPL_EAR_KEY" to "61626364656667683132333435363738"
    )
    imageName = "someImage:${project.version}"
}
  • What platform (pack, kpack, tekton buildpacks plugin, etc.) are you
    using? Please include a version.
    buildpack plugin of gradle from Spring Boot 2.5.4

  • What buildpacks are you using? Please include versions.

paketobuildpacks/builder@sha256:01a1cd2e44148a5d6c1855519cf1825011af084467afa6e693b9c0c5ea33218b
paketobuildpacks/run@sha256:c6e071ac324b948037be8f950199e765a6b9eccce4e0b74f83f38755d528f534
  • What builder are you using? If custom, can you provide the output from pack inspect-builder <builder>?

  • Can you provide a sample app or relevant configuration (buildpack.yml,
    nginx.conf, etc.)?

Checklist

  • I have included log output.
  • The log output includes an error message.
  • I have included steps for reproduction.
