You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
rabbitstack opened this issue
Mar 1, 2021
· 0 comments
Labels
needs: configIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesscope: kcapAnything related to captures
In stringent security environments, it might be desirable to encrypt all the capture data including processes, handles, and, of course, kernel events. For this purpose, the kcap configuration section should get a couple of new attributes including the encryption algorithm (e.g. aes) and the actual encryption key. We should provide the ability to load the key from alternative sources, e.g. environment variables or vault stores. The encryption algorithm will get stored in the capture flags bitset that is part of the kcap header, so we can effectively compare the algorithm that was used to encrypt the kcap with the one that is specified in the configuration and bail out when they differ.
needs: configIndicates the issue requires changes in the config file/flagsneeds: docsIndicates that the issue needs documentation updatesscope: kcapAnything related to captures
Description
In stringent security environments, it might be desirable to encrypt all the capture data including processes, handles, and, of course, kernel events. For this purpose, the
kcap
configuration section should get a couple of new attributes including the encryption algorithm (e.g. aes) and the actual encryption key. We should provide the ability to load the key from alternative sources, e.g. environment variables or vault stores. The encryption algorithm will get stored in the capture flags bitset that is part of the kcap header, so we can effectively compare the algorithm that was used to encrypt the kcap with the one that is specified in the configuration and bail out when they differ.References
https://golang.org/pkg/crypto/cipher/
https://golang.org/pkg/crypto/rsa/
https://github.com/hashicorp/vault/tree/master/api
The text was updated successfully, but these errors were encountered: