All disks encryption documentation- Azure #782

Closed
erzetpe opened this issue Dec 10, 2019 · 3 comments
@erzetpe
Contributor

erzetpe commented Dec 10, 2019

No description provided.

@plirglo
Contributor

plirglo commented Dec 15, 2019

The manual process for Azure disk encryption is described in the Azure documentation and it's quite easy:
https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss

Basically, first a keyvault needs to be created where the encryption key will be stored, and then machine encryption is possible from az cli.

It is also possible to apply encryption using Terraform.
Keyvault creation:
https://www.terraform.io/docs/providers/azurerm/r/key_vault.html
But this doesn't work (for me) with azurerm version 1.27, which is set up in epicli 0.4.2. I needed to use version 1.38.0.

Once the keyvault is created, the diskencrypt Terraform module should be used for disk encryption:
https://registry.terraform.io/modules/Azure/diskencrypt/azurerm/2.0.0

This needs to be checked. I haven't tested it well because of problems with my local environment.
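
The manual sequence described in the comment above (keyvault first, then encryption from az cli), as an added example that is not part of the original thread or of the epiphany code base. Resource group, vault, location and VM names are placeholders passed as arguments, and the pre-check that refuses to encrypt against a vault not enabled for disk encryption is an addition of this example.

```shell
#!/bin/sh
# Added example, not from the issue thread. Names are caller-supplied placeholders.
# Azure Disk Encryption expects the vault and the VM in the same region and subscription.

# Succeeds only when the vault exists and is enabled for disk encryption.
# Returns 1 when the flag is off, 2 when the vault cannot be read.
vault_ready() {
  vr_flag=$(az keyvault show --name "$1" \
    --query properties.enabledForDiskEncryption -o tsv 2>/dev/null) || return 2
  case "$vr_flag" in
    true|True) return 0 ;;
    *) return 1 ;;
  esac
}

# Step 1: create the vault, or switch the flag on if the vault already exists.
# Args: resource-group vault-name location
ensure_vault() {
  ev_rc=0
  vault_ready "$2" || ev_rc=$?
  case "$ev_rc" in
    0) return 0 ;;
    1) az keyvault update --name "$2" --resource-group "$1" \
         --enabled-for-disk-encryption true >/dev/null ;;
    *) az keyvault create --name "$2" --resource-group "$1" --location "$3" \
         --enabled-for-disk-encryption true >/dev/null ;;
  esac
}

# Step 2: encrypt OS and data disks, then print the encryption status.
# Refuses to run when the vault is not enabled for disk encryption.
# Args: resource-group vm-name vault-name
encrypt_vm() {
  if ! vault_ready "$3"; then
    echo "vault $3 is not enabled for disk encryption" >&2
    return 1
  fi
  az vm encryption enable --resource-group "$1" --name "$2" \
    --disk-encryption-keyvault "$3" --volume-type ALL >/dev/null || return 1
  az vm encryption show --resource-group "$1" --name "$2"
}

# Usage: script.sh <resource-group> <vault-name> <location> <vm-name>
if [ "$#" -eq 4 ]; then
  ensure_vault "$1" "$2" "$3" && encrypt_vm "$1" "$4" "$2"
fi
```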

@seriva
Collaborator

seriva commented Dec 16, 2019

As for the keyvault creation with Terraform, there is/was an issue with the creation of azurerm_subnet_network_security_group_association with azurerm 1.28 when having more than 3 subnets. Some kind of order issue when it was creating the resources on Azure:

https://www.terraform.io/docs/providers/azurerm/r/subnet_network_security_group_association.html

Hence I locked it at 1.27. We might want to check whether the latest Azurerm 1.38 fixes the problem. All the code is there:

https://github.com/epiphany-platform/epiphany/blob/3c4f284cd2426c58a6c36e7e49f553d1100fa8e0/core/src/epicli/cli/engine/providers/azure/InfrastructureBuilder.py#L66

And bumping the Azurerm version can be done here:

https://github.com/epiphany-platform/epiphany/blob/3c4f284cd2426c58a6c36e7e49f553d1100fa8e0/core/src/epicli/data/azure/terraform/epiphany-cluster.j2#L14

Rebuilding the devcontainer is required. I'm not sure if Azurerm 1.38 needs any additional changes to the templates.

@seriva seriva changed the title All disks encryption - Azure All disks encryption documentation- Azure Jan 15, 2020
seriva added a commit that referenced this issue Jan 16, 2020
Added encryption of EC2 Root volumes (#381)
Added AWS disk encryption documentation (#781)
Added Azure disk encryption documentation (#782)
@alkaja

alkaja commented Jan 21, 2020

Done.

@alkaja alkaja closed this as completed Jan 21, 2020
to-bar pushed a commit to to-bar/epiphany that referenced this issue May 6, 2020
Added encryption of EC2 Root volumes (hitachienergy#381)
Added AWS disk encryption documentation (hitachienergy#781)
Added Azure disk encryption documentation (hitachienergy#782)