Build KAS in FIPS mode
Scope
This issue is part of a bigger development effort described in detail by its epic. The scope of this issue is to ...
From &7933 (comment 1075527171)
The other big thing for FIPS 140 is using only validated cryptographic modules. For Go programs, the approach GitLab groups used to implement this was documented in https://docs.gitlab.com/ee/development/fips_compliance.html#go and https://gitlab.com/gitlab-org/gitlab/-/issues/349547. FIPS-compliant container images are generally (if not exclusively) built on Red Hat UBI, since that base image can operate in FIPS mode and provide FIPS-validated openssl for our programs to pick up. At this point there are a number of existing FIPS-compatible images within the company, so hopefully that could provide some examples to work off of.
Actions
- Build kas with host SDK that provides a FIPS-compliant implementation in CNG (Omnibus is already built with host SDK)