[cli/mirror] Allow to reencrypt event payload
As an administrator of ZITADEL, I want to mirror my data to an already existing database (this includes already generated encryption keys), so that I can mirror the data to an already existing database.
The idea is that you can share an instance with other persons without sharing your secrets.
Open questions
- How to decrypt and encrypt the event payload during mirror?
Additional info
The following events include encrypted data in the payload:
- idpintent.saml.succeeded: {assertion}
- idpintent.succeeded: idp{idpAccessToken}
- instance.idp.oauth.added: {clientSecret}
- instance.idp.oidc.added: {clientSecret}
- instance.idp.oidc.migrated.azure: {client_secret}
- instance.idp.oidc.migrated.google: {clientSecret}
- instance.idp.azure.added: {client_secret}
- instance.idp.github.added: {clientSecret}
- instance.idp.github_enterprise.added: {clientSecret}
- instance.idp.gitlab.added: {client_secret}
- instance.idp.gitlab_self_hosted.added: {client_secret}
- instance.idp.google.added: {clientSecret}
- instance.idp.ldap.v2.added: {bindPassword}
- instance.idp.apple.added: {privateKey}
- instance.idp.saml.added: {key} //TODO: do we need to decrypt the key?
- iam.idp.oidc.config.added: {clientSecret}
- org.idp.oauth.added: {clientSecret}
- org.idp.oidc.added: {clientSecret}
- org.idp.oidc.migrated.azure: {client_secret}
- org.idp.oidc.migrated.google: {clientSecret}
- org.idp.azure.added: {client_secret}
- org.idp.github.added: {clientSecret}
- org.idp.github_enterprise.added: {clientSecret}
- org.idp.gitlab.added: {client_secret}
- org.idp.gitlab_self_hosted.added: {client_secret}
- org.idp.google.added: {clientSecret}
- org.idp.ldap.v2.added: {bindPassword}
- org.idp.apple.added: {privateKey}
- org.idp.saml.added: {key} //TODO: do we need to decrypt the key?
- instance.sms.configtwilio.added: {token}
- instance.sms.configtwilio.token.changed: {token}
- instance.smtp.config.password.changed: {password}
- instance.smtp.config.added: {password}
- user.human.mfa.otp.added: {otpSecret}
- key_pair.added: {publicKey}
- key_pair.certificate.added: {certificate}
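
One possible shape for the decrypt-and-encrypt step raised under "Open questions", as an added example that is not part of the original issue and not ZITADEL's code. It assumes AES-GCM and an encrypted field stored as a base64 string of nonce||ciphertext, which may differ from ZITADEL's actual payload encoding; `encryptedFields`, `NewAEAD`, `Reencrypt` and the `example.unlisted` event type are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Two entries from the list above: event type -> payload field holding ciphertext.
var encryptedFields = map[string]string{"instance.smtp.config.added": "password", "org.idp.gitlab.added": "client_secret"}

// NewAEAD builds AES-GCM from a 16/24/32-byte key (the cipher choice is an assumption).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Reencrypt rewraps the listed field (assumed base64 of nonce||ciphertext) from src to dst.
func Reencrypt(eventType string, payload []byte, src, dst cipher.AEAD) ([]byte, error) {
	field, listed := encryptedFields[eventType]
	if !listed {
		return payload, nil // no encrypted field: mirror the payload unchanged
	}
	var m map[string]json.RawMessage // RawMessage keeps all other fields byte-for-byte
	var enc []byte                   // encoding/json decodes a base64 string into []byte
	if json.Unmarshal(payload, &m) != nil || json.Unmarshal(m[field], &enc) != nil || len(enc) < src.NonceSize() {
		return nil, fmt.Errorf("missing or malformed encrypted field %q", field)
	}
	plain, err := src.Open(nil, enc[:src.NonceSize()], enc[src.NonceSize():], nil)
	if err != nil { // wrong source key or modified value: abort, never copy the old ciphertext
		return nil, fmt.Errorf("decrypt %s.%s: %w", eventType, field, err)
	}
	nonce := make([]byte, dst.NonceSize()) // fresh random nonce for every rewrapped value
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	m[field], _ = json.Marshal(dst.Seal(nonce, nonce, plain, nil))
	return json.Marshal(m)
}

func main() {
	a, _ := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	out, err := Reencrypt("example.unlisted", []byte(`{"name":"demo"}`), a, a)
	fmt.Println(string(out), err) // unlisted event types pass through untouched
}
```

Because the plaintext secret only exists in memory between `Open` and `Seal`, the target database never sees the source key or the old ciphertext.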