core/zero: add pseudonymization key (#5290)

2025-08-04 09:19:39 +02:00 · 2024-09-19 14:43:01 -06:00 · 2024-09-19 14:43:01 -06:00 · bfc782ff06
commit bfc782ff06
parent 9d6b656fbe
9 changed files with 44 additions and 20 deletions
--- a/pkg/cryptutil/pseudonymize.go
+++ b/pkg/cryptutil/pseudonymize.go
@ -8,8 +8,8 @@ import (
 )

 // Pseudonymize pseudonymizes data by computing the HMAC-SHA256 of the data.
-func Pseudonymize(organizationID string, data string) string {
-	h := hmac.New(sha256.New, []byte(organizationID))
+func Pseudonymize(key []byte, data string) string {
+	h := hmac.New(sha256.New, key)
 	_, _ = io.WriteString(h, data)
 	bs := h.Sum(nil)
 	return base64.StdEncoding.EncodeToString(bs)
--- a/pkg/zero/cluster/models.gen.go
+++ b/pkg/zero/cluster/models.gen.go
@ -27,6 +27,7 @@ type BootstrapConfig struct {
 	// DatabrokerStorageConnection databroker storage connection string
 	DatabrokerStorageConnection *string `json:"databrokerStorageConnection,omitempty"`
 	OrganizationId              string  `json:"organizationId"`
+	PseudonymizationKey         []byte  `json:"pseudonymizationKey"`

 	// SharedSecret shared secret
 	SharedSecret []byte `json:"sharedSecret"`
--- a/pkg/zero/cluster/openapi.yaml
+++ b/pkg/zero/cluster/openapi.yaml
@ -197,6 +197,9 @@ components:
          description: databroker storage connection string
        organizationId:
          type: string
+        pseudonymizationKey:
+          type: string
+          format: byte
        sharedSecret:
          type: string
          format: byte
@ -204,6 +207,7 @@ components:
      required:
        - clusterId
        - organizationId
+        - pseudonymizationKey
        - sharedSecret

    Bundle: