[identity][docker] Add option to generate opaque keypair
ClosedPublic
Actions

Authored by bartek on Oct 17 2023, 5:36 AM.

Details

Reviewers

varun
michal
• jon

Commits

rCOMMe0b5a8e71bd7: [identity][docker] Add option to generate opaque keypair

Summary

I'm aware that this functionality existed before, but was removed in D8580. Now I'm reintroducing it but making opt-in.
For commtest being run as a docker container that depends on identity, the easisest way is to generate the opaque server setup during image build.

Depends on D9507

Test Plan

docker compose build identity-server creates unchanged image
docker compose build --build-arg 'generate_keypair=true' adds additional layer and generates secrets/server_setup.txt

Image layers can be checked using e.g. the dive tool: dive commapp/identity-server.

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

bartek created this revision.Oct 17 2023, 5:36 AM

bartek held this revision as a draft.

Herald added a reviewer: • jon. · View Herald TranscriptOct 17 2023, 5:37 AM

Herald added subscribers: will, tomek, ashoat. · View Herald Transcript

bartek added a child revision: D9509: [blob] Add CLI option to enable auto-deletion.Oct 17 2023, 5:41 AM

Harbormaster completed remote builds in B23283: Diff 32074.Oct 17 2023, 5:54 AM

bartek mentioned this in D9512: [services] Add docker-compose overrides for tests.Oct 17 2023, 5:57 AM

bartek published this revision for review.Oct 17 2023, 6:00 AM

varun accepted this revision.Oct 17 2023, 11:09 AM

This revision is now accepted and ready to land.Oct 17 2023, 11:09 AM

Closed by commit rCOMMe0b5a8e71bd7: [identity][docker] Add option to generate opaque keypair (authored by bartek). · Explain WhyOct 20 2023, 9:22 AM

This revision was automatically updated to reflect the committed changes.

bartek added a commit: rCOMMe0b5a8e71bd7: [identity][docker] Add option to generate opaque keypair.

bartek mentioned this in rCOMMf8477adb619e: [services] Add docker-compose overrides for tests.

Revision Contents
Changeset List

Path

Size

services/

identity/

Dockerfile

4 lines

Diff 32278

View Options

services/identity/Dockerfile

This file was copied from web/flow-typed/web-crypto.js.

Show First 20 Lines • Show All 273 Lines • ▼ Show 20 Lines	wrapKey(
wrapAlgorithm:		wrapAlgorithm:
\| SubtleCrypto$RsaOaepParams		\| SubtleCrypto$RsaOaepParams
\| SubtleCrypto$AesCtrParams		\| SubtleCrypto$AesCtrParams
\| SubtleCrypto$AesCbcParams		\| SubtleCrypto$AesCbcParams
\| SubtleCrypto$AesGcmParams		\| SubtleCrypto$AesGcmParams
\| 'AES-KW',		\| 'AES-KW',
): Promise<ArrayBuffer>;		): Promise<ArrayBuffer>;
}		}

declare var crypto: Crypto;
declare var msCrypto: Crypto;
declare var webkitCrypto: Crypto;

[identity][docker] Add option to generate opaque keypairClosedPublicActions