AWS Question - Image encryption using KMS

Hello all

When creating an image in AWS I couldn’t find a configuration option to create it encrypted using a KMS key. Is this possible?

Thanks and regards,
Ernesto Medina.

There’s no option for that today but if it’s just the image I don’t think this would be hard to put in.

That would be really practical because it simplifies the build (CI) process.

FYI - we merged initial support for toggling KMS via adding in initial KMS by eyberg · Pull Request #1555 · nanovms/ops · GitHub. You can either set it to ‘default’ to use the AWS default or give it an arn for a key.

I tried using a “KMS” key in my config.json at the top level and within different blocks but it didn’t work. Looking forward to that documentation 🙂

Thanks in advance,
Ernesto.

The KMS key is supposed to go in the CloudConfig JSON attribute of the Ops configuration file. Example:

{
  "CloudConfig" : {
    "ProjectID": "my-project",
    "Zone": "ap-northeast-1a",
    "BucketName": "my-bucket",
    "Flavor": "t4g.nano",
    "EnableIPv6": true,
    "KMS": "default"
  }
}

Are you using the latest Ops version 0.1.40? Or did you build Ops from source?
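
A pre-flight check for the placement described in the answer above, as an added example that is not part of the thread or of Ops itself: it flags a `KMS` key placed anywhere other than `CloudConfig`, and a value that is neither `default` nor a key ARN. The ARN pattern, the comparison of the key's region with the `Zone` region (KMS keys are regional), and all function names are assumptions of this example.

```python
import json
import re

# Assumption: key ARNs look like arn:<partition>:kms:<region>:<account>:key/<id>
KEY_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):kms:([a-z0-9-]+):(\d{12}):key/[A-Za-z0-9-]+$")
REGION_OF_ZONE = re.compile(r"^([a-z]{2}(?:-[a-z]+)+-\d)")  # "ap-northeast-1a" -> "ap-northeast-1"


def find_keys(node, name, path=""):
    """Yield the JSON path of every object member called `name`."""
    if isinstance(node, dict):
        for k, v in node.items():
            here = f"{path}.{k}" if path else k
            if k == name:
                yield here
            yield from find_keys(v, name, here)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_keys(v, name, f"{path}[{i}]")


def check_kms(config_text):
    """Return a list of problems with the KMS setting; an empty list means none found."""
    cfg = json.loads(config_text)
    problems = [f"'{p}' is outside CloudConfig, where the KMS setting belongs"
                for p in find_keys(cfg, "KMS") if p != "CloudConfig.KMS"]
    cloud = cfg.get("CloudConfig", {})
    kms = cloud.get("KMS")
    if kms is None:
        return problems + ["CloudConfig.KMS is not set"]
    if kms == "default":
        return problems
    m = KEY_ARN.match(str(kms))
    if not m:
        return problems + ["CloudConfig.KMS must be 'default' or a KMS key ARN"]
    zone = REGION_OF_ZONE.match(cloud.get("Zone", ""))
    if zone and zone.group(1) != m.group(2):
        problems.append(f"key region {m.group(2)} differs from Zone region {zone.group(1)}")
    return problems

# Constructed samples: the layout from the answer, a top-level placement, a cross-region key.
GOOD = '{"CloudConfig": {"Zone": "ap-northeast-1a", "KMS": "default"}}'
MISPLACED = '{"KMS": "default", "CloudConfig": {"Zone": "ap-northeast-1a"}}'
WRONG_REGION = ('{"CloudConfig": {"Zone": "ap-northeast-1a", "KMS": '
                '"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}}')

if __name__ == "__main__":
    for text in (GOOD, MISPLACED, WRONG_REGION):
        print(check_kms(text) or "ok")
```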

It’s not available for brew/mac yet.

% brew upgrade ops
Running `brew update --auto-update`...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/core and homebrew/cask).
==> New Casks
brightintosh                        hapigo                              navigraph-simlink                   vimcal
cardo-update                        navigraph-charts                    senabluetoothdevicemanager          wiso-steuer-2024

Warning: nanovms/ops/ops 0.1.39_1 already installed

Should I manually install it with curl?
Or is this something that can easily be updated on your end?

Thanks,
Ernesto.

I updated it with curl and tested it; it works.

This post can be closed.

Thank you very much,
Ernesto.

Yeah - we haven’t automated the version updating of the brew tap yet - it’s still on 0.1.39, but latest 0.1.40 will have that.