Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: decrypt client TLS certificate key for Elastic Defend #5542

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

WIP: decrypt client TLS certificate key for Elastic Defend #5542

wants to merge 1 commit into from
+710 −192

Conversation

AndersonQ
Copy link
Member

@AndersonQ AndersonQ commented Sep 13, 2024
edited
Loading

It adds EndpointTLSComponentModifier which will check if the client certificate key is encrypted, if so, it'll decrypt the key and pass it decrypted to endpoint (Elastic Defend)

What does this PR do?

Why is it important?

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • [ ] I have added an integration test or an E2E test

Author's checklist

Acceptance Criteria:

Disruptive User Impact

How to test this PR locally

Related issues

Questions to ask yourself

  • How are we going to support this in production?
  • How are we going to measure its adoption?
  • How are we going to debug this?
  • What are the metrics I should take care of?
  • ...

@AndersonQ AndersonQ added the Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team label Sep 13, 2024
@AndersonQ AndersonQ self-assigned this Sep 13, 2024
@mergify Mergify
Copy link
Contributor

mergify bot commented Sep 13, 2024

This pull request does not have a backport label. Could you fix it @AndersonQ? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-./d./d is the label to automatically backport to the 8./d branch. /d is the digit

@mergify Mergify
Copy link
Contributor

mergify bot commented Sep 13, 2024

backport-v8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

@mergify mergify bot added the backport-8.x Automated backport to the 8.x branch with mergify label Sep 13, 2024
@AndersonQ AndersonQ force-pushed the 5490-pass-decrypted-cert-key-to-defend branch 3 times, most recently from 42c9b86 to 716f0a9 Compare September 19, 2024 10:37
@AndersonQ
decrypt client mTLS certificate key for Elastic Defend
e00b883 
It adds EndpointTLSComponentModifier which will check if the client certificate key is encrypted, if so, it'll decrypt the key and pass it decrypted to endpoint (Elastic Defend)
@AndersonQ AndersonQ force-pushed the 5490-pass-decrypted-cert-key-to-defend branch from 716f0a9 to e00b883 Compare September 19, 2024 13:05
@elastic-sonarqube Elastic SonarQube
Copy link

Quality Gate passed Quality Gate passed

Issues
1 New issue
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
89.1% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@AndersonQ AndersonQ

Labels
backport-8.x Automated backport to the 8.x branch with mergify Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pass the decrypted mTLS client certificate key to Elastic Defend
1 participant
@AndersonQ