Skip to content

Add frontend encryption#11157

Open
lakshmimsft wants to merge 2 commits intomainfrom
lakshmimsft/frontendencryptupd
Open

Add frontend encryption#11157
lakshmimsft wants to merge 2 commits intomainfrom
lakshmimsft/frontendencryptupd

Conversation

@lakshmimsft
Copy link
Contributor

@lakshmimsft lakshmimsft commented Feb 3, 2026

Description

This pull request encrypts sensitive fields in dynamic resource properties before they are saved to the database. The main changes add a filter that detects sensitive fields using resource schemas, encrypts them using a key from Kubernetes secrets. The changes also include comprehensive unit tests and necessary wiring in the service and route initialization.
ref: design doc
note: this pr depends on merge of pr #11098 for tests to run.

Type of change

Fixes: #11092

Contributor checklist

Please verify that the PR meets the following requirements, where applicable:

  • An overview of proposed schema changes is included in a linked GitHub issue.
    • Yes
    • Not applicable
  • A design document PR is created in the design-notes repository, if new APIs are being introduced.
    • Yes
    • Not applicable
  • The design document has been reviewed and approved by Radius maintainers/approvers.
    • Yes
    • Not applicable
  • A PR for the samples repository is created, if existing samples are affected by the changes in this PR.
    • Yes
    • Not applicable
  • A PR for the documentation repository is created, if the changes in this PR affect the documentation or any user facing updates are made.
    • Yes
    • Not applicable
  • A PR for the recipes repository is created, if existing recipes are affected by the changes in this PR.
    • Yes
    • Not applicable

@lakshmimsft lakshmimsft requested a review from sk593 February 3, 2026 21:56
@lakshmimsft lakshmimsft force-pushed the lakshmimsft/frontendencryptupd branch from e208328 to bef0a49 Compare February 4, 2026 18:45
@lakshmimsft lakshmimsft temporarily deployed to external-contributor-approval February 4, 2026 18:45 — with GitHub Actions Inactive
@lakshmimsft lakshmimsft temporarily deployed to external-contributor-approval February 4, 2026 19:49 — with GitHub Actions Inactive
@lakshmimsft lakshmimsft force-pushed the lakshmimsft/frontendencryptupd branch from 27d160e to 2198a13 Compare February 4, 2026 22:31
@lakshmimsft lakshmimsft temporarily deployed to external-contributor-approval February 4, 2026 22:31 — with GitHub Actions Inactive
@lakshmimsft lakshmimsft marked this pull request as ready for review February 4, 2026 23:21
@lakshmimsft lakshmimsft requested review from a team as code owners February 4, 2026 23:21
@lakshmimsft
add frontend encryption
a022f43 
Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
@lakshmimsft
randBytes already returns a base64-encoded string, so no need to b64e…
5bc654f 
…nc again

Signed-off-by: lakshmimsft <ljavadekar@microsoft.com>
@lakshmimsft lakshmimsft force-pushed the lakshmimsft/frontendencryptupd branch from 2198a13 to 5bc654f Compare February 6, 2026 22:58
@lakshmimsft lakshmimsft deployed to external-contributor-approval February 6, 2026 22:58 — with GitHub Actions Active
@radius-functional-tests
Copy link

radius-functional-tests bot commented Feb 6, 2026
edited
Loading

Radius functional test overview

🔍 Go to test action run

Click here to see the test run details
Name Value
Repository radius-project/radius
Commit ref 5bc654f
Unique ID func79f0f7e303
Image tag pr-func79f0f7e303
  • gotestsum 1.13.0
  • KinD: v0.29.0
  • Dapr: 1.14.4
  • Azure KeyVault CSI driver: 1.4.2
  • Azure Workload identity webhook: 1.3.0
  • Bicep recipe location ghcr.io/radius-project/dev/test/testrecipes/test-bicep-recipes/<name>:pr-func79f0f7e303
  • Terraform recipe location http://tf-module-server.radius-test-tf-module-server.svc.cluster.local/<name>.zip (in cluster)
  • applications-rp test image location: ghcr.io/radius-project/dev/applications-rp:pr-func79f0f7e303
  • dynamic-rp test image location: ghcr.io/radius-project/dev/dynamic-rp:pr-func79f0f7e303
  • controller test image location: ghcr.io/radius-project/dev/controller:pr-func79f0f7e303
  • ucp test image location: ghcr.io/radius-project/dev/ucpd:pr-func79f0f7e303
  • deployment-engine test image location: ghcr.io/radius-project/deployment-engine:latest

Test Status

⌛ Building Radius and pushing container images for functional tests...
✅ Container images build succeeded
⌛ Publishing Bicep Recipes for functional tests...
✅ Recipe publishing succeeded
⌛ Starting corerp-cloud functional tests...
⌛ Starting ucp-cloud functional tests...
✅ ucp-cloud functional tests succeeded
✅ corerp-cloud functional tests succeeded

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sk593 sk593 Awaiting requested review from sk593

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Frontend Encryption Updates

1 participant

@lakshmimsft