proposal: encrypted oci container images

[Dentrax]

Signed-off-by: Furkan furkan.turkal@trendyol.com

Follow-up issue: goharbor/harbor#15489

I could not fill the implementation process since I do not know Harbor's project domain much. So, any contributions to my PR are welcomed. We can improve the proposal better according to your feedback.

[tianon]

This is kind of an interesting setup -- having the location where the encrypted images get stored also have access to the private key data required to encrypt/decrypt the images seems less than ideal. Maybe it would be a good idea to elaborate on your threat model a bit to explain what this would gain?

For example, if you're just looking for at-rest encryption, something like an encrypted filesystem underneath Harbor seems to me like it's probably a better answer (and one that doesn't require any changes to Harbor itself to support).

[Dentrax]

having the location where the encrypted images get stored also have access to the private key data required to encrypt/decrypt the images seems less than ideal.

Oh, yes, I agree with you. I could not figure it out how it should be in effective way 🤔

Maybe it would be a good idea to elaborate on your threat model a bit to explain what this would gain?

Actually, the idea is coming from here: Anyone who has admin privileges to access the registry, (i.e., both network or hardware access), if somehow get the my super-secret sensitive image, container runtime should not able to run my image since its layers are encrypted.

something like an encrypted filesystem underneath Harbor seems to me like it's probably a better answer

Sound makes sense. Any related proposal for this?

[Vad1mo]

I had the same question: as the whole point of a zero trust container registry is that image encryption/decryption is happening on the client side.

In a most setups, object stores are commonly used that have options to encrypt the bucket with an HSM or even a client side encryption on the registry.

the only point where I would see TUF is to display some meta-information in the UI such as indicating the image is encrypted by whom and what key.

[sluetze]

Actually, the idea is coming from here: Anyone who has admin privileges to access the registry, (i.e., both network or hardware access), if somehow get the my super-secret sensitive image, container runtime should not able to run my image since its layers are encrypted.
[...]

something like an encrypted filesystem underneath Harbor seems to me like it's probably a better answer

Sound makes sense. Any related proposal for this?

In my understanding of unencrypted filesystems, they won't help you with your threat model, since the admin of the registry will still have access. The encrypted filesystem only mitigates unauthorized (physical) attackers. In a running system they are (often) transparent.

Also you are speaking from network access, if someone has access to the network he can just capture the packets of incoming data and get the unencrypted "pushed" image. of course for "pulled" images (which should be quite more :P) there is some protection.

[wy65701436]

The Cosign and Harbor combination covers the proposal to sign OCI artifacts using the OCI way.

With the OCI image/distribution specification reaching the RC2 stage, the introduction of the subject and referrers API provides a standard and native way for registries like Harbor to know the list of manifests with a relationship to a specified digest. Both Harbor and Notary v2 clients are working towards adopting the v1.1.0 version, which is the industry standard for signing OCI artifacts using the OCI way.

Distribution spec: https://github.com/opencontainers/distribution-spec/blob/main/spec.md

[Vad1mo]

After evaluation of your proposal, we have decided to close it at this time due to the current lack of interest from the community. However, this decision does not prevent the possibility of revisiting your proposal in the future, should the situation change.