cannischan edited this page Feb 17, 2022 · 13 revisions

Welcome to the Trousseau wiki!

The current wiki pages offer guidance to install and use Trousseau on the following platforms:

  • Generic k8s with HashiCorp Vault
  • Rancher Kubernetes Engine with HashiCorp Vault
  • Rancher Kubernetes Engine v2 with HashiCorp Vault

Trousseau software architecture

Trousseau is fully developed in Go and implements a Kubernetes KMS provider plugin. Here is the quote from the Kubernetes project defining the overall process that Trousseau is based on:

The KMS encryption provider uses an envelope encryption scheme to encrypt data in etcd. The data is encrypted using a data encryption key (DEK); a new DEK is generated for each encryption.
The DEKs are encrypted with a key encryption key (KEK) that is stored and managed in a remote KMS. The KMS provider uses gRPC to communicate with a specific KMS plugin. The KMS plugin, which is implemented as a gRPC server and deployed on the same host(s) as the Kubernetes master(s), is responsible for all communication with the remote KMS.
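The envelope scheme in the quoted passage, as an added example that is not Trousseau's own code: a fresh DEK seals each write with AES-GCM, and a FakeKMS type (a constructed stand-in for the remote KMS, not Vault's API) holds the KEK and only ever wraps or unwraps DEKs, so the plugin side never handles the KEK and only the wrapped DEK plus the ciphertext would be written to etcd.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// FakeKMS is a constructed stand-in for the remote KMS (not Vault's API): it holds the KEK and only wraps/unwraps DEKs.
type FakeKMS struct{ KEK []byte }
func (k FakeKMS) Wrap(dek []byte) []byte                { return seal(k.KEK, dek) }
func (k FakeKMS) Unwrap(wrapped []byte) ([]byte, error) { return open(k.KEK, wrapped) }
// gcm builds an AES-GCM AEAD; callers fix the key length, so an error here is a bug, not bad input.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return aead
}
// seal encrypts with AES-GCM and prepends a fresh 96-bit nonce; open reverses it and rejects any tampering.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a CSPRNG failure is not recoverable here
	}
	return gcm(key).Seal(nonce, nonce, plaintext, nil)
}
func open(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(key).Open(nil, sealed[:12], sealed[12:], nil)
}
// Encrypt generates a fresh 256-bit DEK per call, seals the data with it and has the KMS wrap the DEK.
func Encrypt(kms FakeKMS, plaintext []byte) (wrappedDEK, ciphertext []byte) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	return kms.Wrap(dek), seal(dek, plaintext) // etcd stores exactly these two values, never the DEK or KEK
}
// Decrypt has the KMS unwrap the DEK, then opens the data locally; the KEK is never seen on this side.
func Decrypt(kms FakeKMS, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := kms.Unwrap(wrappedDEK)
	if err != nil {
		return nil, err
	}
	return open(dek, ciphertext)
}
```

Because every call draws a new DEK and nonce, two encryptions of the same secret produce different wrapped DEKs and ciphertexts, and any modification of the stored bytes is rejected at decryption by the GCM tag check.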

Trousseau workflow overview

[Diagram: trousseau_overview]