d16d64f620
Automatic merge from submit-queue (batch tested with PRs 46979, 47078, 47138, 46916) Add a secretbox and AES-CBC path for encrypt at rest Add a secretbox and AES-CBC encrypt at rest provider and alter the config, based on feedback from security review. AES-CBC is more well reviewed and generally fits better with common criteria and FIPS, secretbox is newer and faster than CBC. ```release-note Add secretbox and AES-CBC encryption modes to at rest encryption. AES-CBC is considered superior to AES-GCM because it is resistant to nonce-reuse attacks, and secretbox uses Poly1305 and XSalsa20. ``` |
||
|---|---|---|
| .. | ||
| src/k8s.io | ||
| OWNERS | ||
| README.md | ||
| copy.sh | ||
| godeps-json-updater.go | ||
| prime-apimachinery.sh | ||
README.md
This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.
Most code in the staging/ directory is authoritative, i.e. the only copy of
the code. You can directly modify such code. However the packages in
staging/src/k8s.io/client-go/pkg are copied from pkg/. If you modify the
original code in pkg/, you need to run hack/godep-restore.sh from the k8s
root directory, followed by hack/update-staging-client-go.sh. We are working
towards making all code in staging/ authoritative.
The vendor/k8s.io directory contains symlinks pointing to this staging area,
so to use a package in the staging area, you can import it as
k8s.io/<package-name>, as if the package were vendored. Packages will be
vendored from k8s.io/<package-name> for real after the test matrix is
converted to vendor k8s components.