
ocicrypt for KMS and TPM

Open salrashid123 opened this issue 2 years ago • 0 comments

Not an issue, but thought I'd add it here in case anyone is interested.

A bit ago I fiddled with ocicrypt key providers and came up with basic (alpha quality, charitably) ways to support ocicrypt with KMS (GCP for now) and TPM

  • https://github.com/salrashid123/ocicrypt-kms-keyprovider

    allows you to encrypt a layer with GCP KMS

  • https://github.com/salrashid123/ocicrypt-tpm-keyprovider

    allows you to encrypt an image remotely with a TPM's endorsement public key (EKPub). Image is encrypted in such a way that it can only get decrypted on that TPM that owns the EK. You can also encrypt it remotely such that the target machine is in a specific state (as described by PCR values)

salrashid123, Dec 12 '23 14:12