[v18] Encrypted Session Recordings#57959
Merged
eriktate merged 21 commits intobranch/v18from Sep 3, 2025
Merged
Conversation
Contributor
|
Amplify deployment status
|
eriktate
force-pushed
the
eriktate/backport-encrypted-session-recordings/v18
branch
from
a0ec26e to
0e808a4
Compare
eriktate
force-pushed
the
eriktate/backport-encrypted-session-recordings/v18
branch
from
aebbdf8 to
7884c10
Compare
eriktate
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
eriktate
force-pushed
the
eriktate/backport-encrypted-session-recordings/v18
branch
2 times, most recently
from
8db8a77 to
49c7118
Compare
eriktate
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
eriktate
requested review from
hugoShaka,
r0mant,
rosstimothy,
russjones,
strideynet,
tigrato and
zmb3
as code owners
github-actions
Bot
added
application-access
audit-log
|
@eriktate - this PR will require admin approval to merge due to its size. Consider breaking it up into a series smaller changes. |
tigrato
approved these changes
Sep 3, 2025
strideynet
approved these changes
Sep 3, 2025
rosstimothy
approved these changes
Sep 3, 2025
… and updates the existing SessionRecordingConfig protos to include a Status (#54780)
…ops more complex than CRUD (#55078)
* adding Manager for RecordingEncryption resources that handles shared ops more complex than CRUD * adding age plugin wrapping default X25519 Identity/Recipient implementation with hooks to more efficiently lookup private keys given their respective public key
* updating protos for recording encryption * changing labels for encryption keys to prevent automatic cleanup, adjusting pkcs11 host UUID check to allow for key sharing of encryption keys, preventing cloud tenants from enabling manual key management, preventing use of recording encryption in FIPS mode
…#57780) broken session_recording_config when using fileconf
eriktate
force-pushed
the
eriktate/backport-encrypted-session-recordings/v18
branch
from
49c7118 to
588f960
Compare
eriktate
temporarily deployed
to
docs-amplify
GitHub Actions
Inactive
public-teleport-github-review-bot
Bot
removed the request for review
from nklaassen
eriktate
deleted the
eriktate/backport-encrypted-session-recordings/v18
branch
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backports #54428, #55652, #54780, #54816, #55078, #55120, #54901, #55857, #55121, #55859, #56200, #56776, #56920, #57055, #57279, #57576 to branch/v18
changelog: Added support for encrypting session recordings at rest across all recording modes. Encryption can be enabled statically by setting
auth_server.session_recording_config.enabled: yesin the Teleport file configuration, or dynamically by editing thesesion_recording_configresource and settingspec.encryption.enabled: yes.