mirror of
https://github.com/siderolabs/talos.git
synced 2025-08-20 22:21:13 +02:00
09fbe2d9ad
This pulls in an update from our bootkube fork that adds security hardening to the control plane. The following was changed: - API server now uses an EncryptionConfig for encrypting secrets - API server now has an audit policy - Profiling was disabled on all control plane components - PodSecurityPolicy is enabled - API server TLS cipher suites were set to the recommended ciphers by CIS Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
23 lines
574 B
Go
23 lines
574 B
Go
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
package cis
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/base64"
|
|
)
|
|
|
|
// CreateEncryptionToken generates an encryption token to be used for secrets.
|
|
func CreateEncryptionToken() (string, error) {
|
|
encryptionKey := make([]byte, 32)
|
|
if _, err := rand.Read(encryptionKey); err != nil {
|
|
return "", err
|
|
}
|
|
|
|
str := base64.StdEncoding.EncodeToString(encryptionKey)
|
|
|
|
return str, nil
|
|
}
|