Where can I find the specifications of the built in secret e

Question

Where can I find the specifications of the built in secret encryption for Pulumi I d like to know the algorithm and key size

few-wolf-27303 · Answer

This is the code where that is configured in Go <https github com pulumi pulumi blob d320d68014c78c0bd13cdd1b4a1c73059fbd9adb pkg cmd pulumi util go L195>

orange-policeman-59119 · Answer

For the passphrase based cryptography I can point you here The key derivation function is `pbkdf2` with 1 million rounds and a per environment salt This function is provided by the official golang package The encryption algorithm is AES256GCM which was created using `crypto aes` and `crypto cipher` The nonce is randomly generated via `cryptorand Read`

orange-policeman-59119 · Answer

amp as < few wolf 27303> pointed you to for different providers we may use different algorithms such as RSA OEAP 256 for azure key vault For each of the backend services you ll need to refer to their documentation For the Pulumi Service s cryptography I can refer you to our internal folks as I m not sure what we disclose there

faint-balloon-33174 · Answer

I m looking for the details of the default non password cryptography that Pulumi provides the first link appears to relate to non default secret providers

orange-policeman-59119 · Answer

Got it yeah let me see if I can provide you some info Are you asking on behalf of a current or prospective business customer

orange-policeman-59119 · Answer

Ah it looks like we ve published our whitepaper as a link on our security page amp gt Various Pulumi editions offer configurable secrets management options By default the Pulumi hosted backend manages per stack AWS KMS based encryption keys on the server All secrets are sent over HTTPS to and the backend uses AES256GCM to encrypt values with the stack specific key