fix(encryptionKey): align dim and issuerComponent config

Refs: #358

charts/portal/README.md

@@ -473,11 +473,11 @@ dependencies:
 | backend.processesworker.issuerComponent.clientSecret | string | `""` | Client-secret for dim client-id. Secret-key 'issuercomponent-client-secret'. |
 | backend.processesworker.issuerComponent.grantType | string | `"client_credentials"` |  |
 | backend.processesworker.issuerComponent.scope | string | `"openid"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigIndex | int | `0` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.index | int | `0` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'. Expected format is 256 bit (64 digits) hex. |
+| backend.processesworker.dim.encryptionConfigIndex | int | `0` |  |
+| backend.processesworker.dim.encryptionConfigs.index0.index | int | `0` |  |
+| backend.processesworker.dim.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
+| backend.processesworker.dim.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` |  |
+| backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'. Expected format is 256 bit (64 digits) hex. |
 | backend.processesworker.bpnDidResolver.apiKey | string | `""` | ApiKey for management endpoint of the bpnDidResolver. Secret-key 'bpndidresolver-api-key'. |
 | backend.processesworker.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` |  |
 | backend.processesworker.invitation.initialLoginTheme | string | `"catenax-shared"` |  |

charts/portal/templates/cronjob-backend-processes.yaml

@@ -268,18 +268,18 @@ spec:
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
               value: "{{ .Values.portalBackendAddress }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
               valueFrom:
                 secretKeyRef:
                   name: "{{ .Values.backend.interfaces.secret }}"
-                  key: "issuercomponent-encryption-key0"
+                  key: "dim-encryption-key0"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
             - name: "BPNDIDRESOLVER__BASEADDRESS"
               value: "{{ .Values.bpnDidResolver.managementApiAddress }}"
             - name: "BPNDIDRESOLVER__APIKEY"

charts/portal/templates/deployment-backend-administration.yaml

@@ -241,18 +241,18 @@ spec:
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
           value: "{{ .Values.portalBackendAddress }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
           valueFrom:
             secretKeyRef:
               name: "{{ .Values.backend.interfaces.secret }}"
-              key: "issuercomponent-encryption-key0"
+              key: "dim-encryption-key0"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
         - name: "COMPANYDATA__USECASEPARTICIPATIONMEDIATYPES__0"
           value: "{{ .Values.backend.administration.companyData.useCaseParticipationMediaTypes.type0 }}"
         - name: "COMPANYDATA__SSICERTIFICATEMEDIATYPES__0"

charts/portal/templates/secret-backend-interfaces.yaml

@@ -38,13 +38,12 @@ data:
   sdfactory-client-secret: {{ coalesce ( .Values.backend.processesworker.sdfactory.clientSecret | b64enc ) ( index $secret.data "sdfactory-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ coalesce ( .Values.backend.processesworker.offerprovider.clientSecret | b64enc ) ( index $secret.data "offerprovider-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   dim-client-secret: {{ coalesce ( .Values.backend.processesworker.dim.clientSecret | b64enc ) ( index $secret.data "dim-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
-  dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key1" ) | default ( randAlphaNum 32 ) | quote }}
   invitation-encryption-key0: {{ coalesce ( .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "invitation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   mailing-encryption-key0: {{ coalesce ( .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "mailing-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ coalesce ( .Values.backend.processesworker.issuerComponent.clientSecret | b64enc ) ( index $secret.data "issuercomponent-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
-  issuercomponent-encryption-key0: {{ coalesce ( .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "issuercomponent-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   bpndidresolver-api-key: {{ coalesce ( .Values.backend.processesworker.bpnDidResolver.apiKey | b64enc ) ( index $secret.data "bpndidresolver-api-key" ) | default ( randAlphaNum 32 ) | quote }}
   serviceaccount-encryption-key0: {{ coalesce ( .Values.backend.administration.serviceAccount.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "serviceaccount-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
@@ -56,13 +55,12 @@ stringData:
   sdfactory-client-secret: {{ .Values.backend.processesworker.sdfactory.clientSecret | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ .Values.backend.processesworker.offerprovider.clientSecret | default ( randAlphaNum 32 ) | quote }}
   dim-client-secret: {{ .Values.backend.processesworker.dim.clientSecret | default ( randAlphaNum 32 ) | quote }}
-  dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   invitation-encryption-key0: {{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   mailing-encryption-key0: {{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ .Values.backend.processesworker.issuerComponent.clientSecret | default ( randAlphaNum 32 ) | quote }}
-  issuercomponent-encryption-key0: {{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   bpndidresolver-api-key: {{ .Values.backend.processesworker.bpnDidResolver.apiKey | default ( randAlphaNum 32 ) | quote }}
   serviceaccount-encryption-key0: {{ .Values.backend.administration.serviceAccount.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}

charts/portal/values.yaml

@@ -876,7 +876,7 @@ backend:
       universalResolverAddress: "https://resolver.example.org/did"
       # -- path where the did document will be hosted
       didDocumentPath: "/api/administration/staticdata/did"
-      maxValidationTimeInDays: 7
+      maxValidationTimeInDays: 7       
       encryptionConfigIndex: 0
       encryptionConfigs:
         index0:
@@ -893,15 +893,6 @@ backend:
       clientSecret: ""
       grantType: "client_credentials"
       scope: "openid"
-      encryptionConfigIndex: 0
-      encryptionConfigs:
-        index0:
-          index: 0
-          cipherMode: "CBC"
-          paddingMode: "PKCS7"
-          # -- EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'.
-          # Expected format is 256 bit (64 digits) hex.
-          encryptionKey: ""
     bpnDidResolver:
       # -- ApiKey for management endpoint of the bpnDidResolver. Secret-key 'bpndidresolver-api-key'.
       apiKey: ""

environments/consortia/helm-values/values-dev.yaml

@@ -265,9 +265,6 @@ backend:
     issuerComponent:
       clientId: "<path:portal/data/processes-worker#issuercomponent-client-id>"
       clientSecret: "<path:portal/data/dev/processes-worker#issuercomponent-client-secret>"
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/dev/processes-worker#issuercomponent-encryption-key0>"
     bpnDidResolver:
       apiKey: "<path:portal/data/dev/processes-worker#bpndidresolver-api-key>"
     invitation:

environments/consortia/helm-values/values-int.yaml

@@ -265,9 +265,6 @@ backend:
     issuerComponent:
       clientId: "<path:portal/data/processes-worker#issuercomponent-client-id>"
       clientSecret: "<path:portal/data/int/processes-worker#issuercomponent-client-secret>"
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/int/processes-worker#issuercomponent-encryption-key0>"
     bpnDidResolver:
       apiKey: "<path:portal/data/int/processes-worker#bpndidresolver-api-key>"
     invitation:

environments/consortia/helm-values/values-rc.yaml

@@ -265,9 +265,6 @@ backend:
     issuerComponent:
       clientId: "<path:portal/data/processes-worker#issuercomponent-client-id>"
       clientSecret: "<path:portal/data/dev/processes-worker#issuercomponent-client-secret>"
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/dev/processes-worker#issuercomponent-encryption-key0>"
     bpnDidResolver:
       apiKey: "<path:portal/data/dev/processes-worker#bpndidresolver-api-key>"
     invitation:

environments/helm-values/values-int.yaml

@@ -263,13 +263,10 @@ backend:
       universalResolverAddress: "https://dev.uniresolver.io/"
       encryptionConfigs:
         index0:
-          encryptionKey: "<path:portal/data/int/encryption-keys#dim-encryption-key0>"
+          encryptionKey: "<path:portal/data/int/processes-worker#dim-encryption-key0>"
     issuerComponent:
       clientId: "<path:portal/data/portal-iam-clientIds#issuercomponent-client-id>"
       clientSecret: "<path:portal/data/int/iam/centralidp-client-secrets#portal-issuer-sa>"
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/int/encryption-keys#issuercomponent-encryption-key0>"
     bpnDidResolver:
       apiKey: "<path:portal/data/bdrs-mgmt-api-key#content>"
     invitation: