Comments (5)
This site mentions a similar idea at the final thoughts: https://launchbylunch.com/posts/2014/Jan/13/encrypting-docker-on-digitalocean/
from nixops-aws.
👍
from nixops-aws.
It seems like much of the support for this would be on the NixOS side. Do you have more ideas on what this would look like?
from nixops-aws.
I was thinking about this a little bit. Not in the context of EC2, but in general.
The idea is to have initrd do the network setup (including some primitive firewall rules?) and start sshd (or telnetd) to obtain the passphrase. Nixops would then push the passphrase by connecting to the server and typing it there.
It is still not great from the paranoid point of view as someone can still plant a bug into our initrd and wait for us to connect and give them the passphrase, but it is still much better than nothing.
from nixops-aws.
Wait a second, looks like this is already implemented! NixOS/nixpkgs#10460
from nixops-aws.
Related Issues (20)
- Port to python3
- Failure to provision hosts on spot market HOT 1
- Root volume is considered as 'detached' using nixpkgs 20.03 HOT 6
- Record on route53 is not being created. HOT 17
- Route53RecordSet pointing at an elasticIP address fails to be created
- AWS c6g.large instance type is not supported
- Where are the docs? HOT 2
- [feature] Manage RDS passwords
- Add support for gp3 disk type HOT 2
- Stop/Start an RDS DB instance HOT 2
- invalid EC2 region ‘eu-south-1’ HOT 1
- Retirement of EC2-Classic
- [flakes] NIX_PATH impurity HOT 1
- Automatically generate python types HOT 1
- aarch64 instance support
- gatewayId can be null which fails in python
- Initial nix-build fails to build
- `KeyError: 'Ebs'` when deploying EC2 instance with `ebsBoot` HOT 1
- How do you use the s3 remote backend? HOT 7
- Status of the repository? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nixops-aws.