kubernetes/staging
Kubernetes Submit Queue 531be15bfe Merge pull request #49350 from sakshamsharma/envelope
Automatic merge from submit-queue (batch tested with PRs 49259, 49350)

Add envelope encryption transformer

Essential to implement envelope encryption, using a KEK-DEK based encryption scheme which uses an external root of trust (cloudkms, hardware etc).

* Caches known DEKs.
* Creates a new DEK for each write (most common and recommended way of implementing envelope encryption).
* Relies on an implementation of `envelope.Service` which actually implements the encryption and decryption using the external root of trust.

Essential for #48522

@smarterclayton @jcbsmpsn @cheftako @lavalamp @php-coder @destijl @cjcullen 

This PR is generic, and independent of any cloudprovider / cloud / KMS code.
For more context: #48574
2017-07-25 20:01:29 -07:00

This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.

The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.

The vendor/k8s.io directory contains symlinks pointing to this staging area, so to use a package in the staging area, you can import it as k8s.io/<package-name>, as if the package were vendored. Packages will be vendored from k8s.io/<package-name> for real after the test matrix is converted to vendor k8s components.