Skip to content

GDB-14591 Add encryption at rest properties#207

Merged
vanxa merged 1 commit into
mainfrom
GDB-14591-encryption-at-rest
Jun 23, 2026
Merged

GDB-14591 Add encryption at rest properties#207
vanxa merged 1 commit into
mainfrom
GDB-14591-encryption-at-rest

Conversation

@vanxa

@vanxa vanxa commented May 21, 2026

Copy link
Copy Markdown
Contributor

GDB-14591 Adds encryption at rest properties

Adds configuration under encryption to setup encryption at rest. Currently, two methods are supported - via master key, or keystore.
The configuration properties are injected as environment variables
Adds examples for both file-based and pkcs12-based encryption at rest configuration

@vanxa vanxa self-assigned this May 21, 2026
@vanxa vanxa force-pushed the GDB-14591-encryption-at-rest branch from 0e4d473 to 49beff7 Compare May 22, 2026 12:06
Comment thread templates/graphdb/configmap-encryption-environment.yaml Outdated
Comment thread templates/graphdb/statefulset.yaml Outdated
Comment thread templates/graphdb/configmap-encryption-environment.yaml Outdated
Comment thread templates/graphdb/statefulset.yaml Outdated
Comment thread templates/graphdb/statefulset.yaml Outdated
@vanxa vanxa requested a review from mihailradkov June 4, 2026 08:59
Comment thread templates/graphdb/configmap-environment.yaml Outdated
Comment thread templates/graphdb/statefulset.yaml Outdated
Comment thread templates/graphdb/statefulset.yaml
Comment thread values.yaml Outdated
Comment thread examples/encryption-at-rest/enc-pkcs12-values.yaml Outdated
Comment thread examples/encryption-at-rest/README.md
Comment thread CHANGELOG.md Outdated
@vanxa vanxa force-pushed the GDB-14591-encryption-at-rest branch from fa7b3c9 to 320f795 Compare June 17, 2026 08:55
@vanxa vanxa requested a review from mihailradkov June 17, 2026 08:55
Comment thread CHANGELOG.md Outdated
@vanxa vanxa force-pushed the GDB-14591-encryption-at-rest branch from 2e05222 to 8d79d8d Compare June 19, 2026 12:02

@tonyKunchev tonyKunchev left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

Just one note, squash and describe well the commit that you are going to add. Also, it would be nice to add some description to this pull request.

@vanxa vanxa requested a review from mihailradkov June 23, 2026 08:21
@vanxa vanxa dismissed mihailradkov’s stale review June 23, 2026 09:35

Resolved in earlier changes.

@vanxa vanxa force-pushed the GDB-14591-encryption-at-rest branch 3 times, most recently from fe1d168 to 8fd9077 Compare June 23, 2026 09:40
- Adds configuration parameters under `encryption` to configure encryption at rest
(see here: https://graphdb.ontotext.com/documentation/11.4/encryption.html#encryption-at-rest)
- Currently, file-based and pkcs12-based encryption at rest
  configurations are supported
- Adds support for two new kubectl secrets values: `masterKeyExistingSecret` (for both modes) and `kestorePasswordExistingSecret` (used with `pkcs12` mode)
- Add examples
@vanxa vanxa force-pushed the GDB-14591-encryption-at-rest branch from 8fd9077 to 01d3346 Compare June 23, 2026 09:42
@vanxa vanxa merged commit b801798 into main Jun 23, 2026
3 checks passed
@vanxa vanxa deleted the GDB-14591-encryption-at-rest branch June 23, 2026 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants