k8s-image-swapper icon indicating copy to clipboard operation
k8s-image-swapper copied to clipboard

Published 20 hours ago verified publisher icon estahn

aws encryptionConfiguration not being set with KMS

Open bdjtcg opened this issue 1 year ago • 0 comments

I am trying to enable KMS encryption and have set the following in the config, however repositories are still being created with AES-256. :

target:
  aws:
    accountId: "123456"
    ecrOptions:
      encryptionConfiguration:
        encryptionType: "KMS"
        kmsKey: "arn:aws:kms:us-west-2:123456"
    region: us-west-2

No errors are logged. Please let me know if anyone has successfully set kms encryption. Any help is appreciated. Also, I noticed there is no reference to encryptionConfiguration in the ecr.go.80:

client := &ECRClient{
		client:          ecrClient,
		ecrDomain:       ecrDomain,
		cache:           cache,
		scheduler:       scheduler,
		targetAccount:   clientConfig.AccountID,
		accessPolicy:    clientConfig.ECROptions.AccessPolicy,
		lifecyclePolicy: clientConfig.ECROptions.LifecyclePolicy,
		tags:            clientConfig.ECROptions.Tags,
	}

bdjtcg avatar Sep 18 '23 23:09 bdjtcg