@@ -33,6 +33,42 @@ We do this using our shared object library via the `LD_PRELOAD` environment vari
33
33
- **[Hunter Madison](https://github.com/hmadison)**: Who taught me about how to use redhook based on Michele Mancioppi's [opentelemetry-injector](https://github.com/mmanciop/opentelemetry-injector) project.
34
34
- **[Jake Scott](https://github.com/jakejscott)**: And his [rust-parameters-lambda-extension](https://github.com/jakejscott/rust-parameters-lambda-extension) project which served as the starting point for this project.
35
35
36
+
## Architecture
37
+
38
+
There are two main parts for Crypteia, the `crypteia` binary and `libcrypteia.so` shared object file. The following sequence diagram should help highlight how this works with an image's `ENTRYPOINT` and `CMD` interface.
39
+
40
+
```mermaid
41
+
sequenceDiagram
42
+
actor WRK as Container Workload
43
+
participant ENT as 🚪 ENTRYPOINT
44
+
participant BIN as 🗑 (bin) crypteia
45
+
participant LIB as 📚 (lib) libcrypteia.so
46
+
participant CMD as 📢 CMD
47
+
participant AWS as 🔒 Secrets Storage
48
+
WRK->>ENT: Run
49
+
activate ENT
50
+
ENT->>BIN: Lambda RIC or ENTRYPOINT
51
+
activate BIN
52
+
BIN->>AWS: Batch Fetch
53
+
AWS->>BIN: Batch Response
54
+
BIN->>BIN: crypteia.json (write)
55
+
BIN->>WRK:
56
+
deactivate BIN
57
+
deactivate ENT
58
+
WRK->>CMD: Run
59
+
activate CMD
60
+
CMD->>LIB: LD_PRELOAD
61
+
LIB->>LIB: crypteia.json (read/delete)
62
+
LIB->>CMD: 🔐 Shared Memory
63
+
CMD->>CMD: getenv(3)
64
+
CMD->>WRK:
65
+
deactivate CMD
66
+
```
67
+
68
+
Secrets are fetched in batch via the `ENTRYPOINT`. This is done for you automatically with the Lambda Runtime Interface Client as part of the Lambda Extensions interface. When using Ctypteia with other container tools, calling the binary `/opt/extensions/crypteia` would need to be as an explicit `ENTRYPOINT` or part of that script.
69
+
70
+
When your `CMD` process is running, replacing `x-crypteia` prefixed environment values with `getenv(3)` is done quickly in memory.
71
+
36
72
## Installation
37
73
38
74
When building your own Lambda Containers, use both the `crypteia` binary and `libcrypteia.so` shared object files that match your platform. Target platform naming conventions include the following:
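Review bot: the new Architecture section hands secrets from the `crypteia` binary to `libcrypteia.so` through a file on disk (the `crypteia.json (write)` and `crypteia.json (read/delete)` steps in the diagram), but the added text never says where that file is written, what file mode it gets, or what happens when the `CMD` process never loads the library (for example if `LD_PRELOAD` is not set for that process), in which case the delete step never runs and the fetched secrets remain on disk for the life of the container; please document the path, permissions and cleanup behaviour next to the diagram. The sentence "replacing `x-crypteia` prefixed environment values with `getenv(3)` is done quickly in memory" also reads as if `getenv(3)` performs the replacement rather than the preloaded library intercepting the process's `getenv(3)` calls, so it is worth rewording to match the `CMD->>LIB: LD_PRELOAD` and `CMD->>CMD: getenv(3)` steps. Minor: "When using Ctypteia with other container tools" should read "Crypteia".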