Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KMS Support #120

Merged
merged 41 commits into from
Feb 15, 2024
Merged

KMS Support #120

merged 41 commits into from
Feb 15, 2024

Conversation

ChaosInTheCRD
Copy link
Collaborator

@ChaosInTheCRD ChaosInTheCRD commented Jan 8, 2024
edited
Loading

In this PR

  • AWS KMS Signer / Verifier
  • AWS KMS Signer / Verifer Tests
  • GCP KMS Signer / Verifier
  • GCP KMS Signer / Verifier Tests

In a follow-up PR

  • Azure KMS Signer / Verifier
  • Vault KMS Signer / Verifier

@adityasaky
Copy link
Member

In light of go-consolidation, would it make sense to explore putting it in go-sslib directly?

@jkjell
Copy link
Member

jkjell commented Jan 12, 2024

would it make sense to explore putting it in go-sslib directly

This is a good question. We should have a plan for incremental adoption of go-ssllib. We'll think about this before next Friday's call.

@ChaosInTheCRD
Copy link
Collaborator Author

Going to close this for now and track it in an issue

@ChaosInTheCRD ChaosInTheCRD mentioned this pull request Jan 16, 2024
Open
@jkjell jkjell reopened this Jan 19, 2024
@jkjell
Copy link
Member

jkjell commented Jan 19, 2024

We have some demand for this from users that are interested before the go-ssl work is likely to be done.

@ChaosInTheCRD ChaosInTheCRD marked this pull request as ready for review January 24, 2024 17:55
@ChaosInTheCRD
Copy link
Collaborator Author

ChaosInTheCRD commented Feb 6, 2024
edited
Loading

Still TODO befoire merge:

  • Implement options for AWS and GCP KMS Signers
  • Populate and utilize options for AWS and GCP KMS Signers
  • Add placeholder contexts in Signer functions

jkjell
jkjell reviewed Feb 8, 2024
View reviewed changes
Copy link
Member

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't dive in too much to gcp or hashivault.

signer/kms/signerprovider.go Outdated Show resolved Hide resolved
signer/kms/signerprovider.go Outdated Show resolved Hide resolved
signer/kms/aws/client.go Outdated Show resolved Hide resolved
signer/kms/aws/signer.go Show resolved Hide resolved
@ChaosInTheCRD
Copy link
Collaborator Author

I didn't dive in too much to gcp or hashivault.

dang, sorry if I messed anyone around 🤦 - hashicorp vault KMS is being held back for a further release. I removed it from this PR, sorry for the inconvenience.

jkjell and others added 10 commits February 8, 2024 14:46
@jkjell
Resolve linter errors
363dcc6 
Signed-off-by: John Kjell <[email protected]>
@jkjell
Remove unused function
4f8cd73 
Signed-off-by: John Kjell <[email protected]>
@ChaosInTheCRD
added all the obvious options for aws and gcp kms
539f876 
Signed-off-by: chaosinthecrd <[email protected]>
@ChaosInTheCRD
fixing some linting errors
07575d1 
Signed-off-by: chaosinthecrd <[email protected]>
@ChaosInTheCRD
Merge branch 'main' into kms-support
41d3fa3
@ChaosInTheCRD
Merge branch 'main' into kms-support
ece6ed2
@ChaosInTheCRD
some refactors made in the quest of folding out a bug
fd9e21b 
Signed-off-by: chaosinthecrd <[email protected]>
@ChaosInTheCRD
Merge branch 'kms-support' of github.com:ChaosInTheCRD/go-witness int…
7a9b1a8 
…o kms-support
@ChaosInTheCRD
making final changes for PR
1680e8c 
Signed-off-by: chaosinthecrd <[email protected]>
@ChaosInTheCRD
Merge branch 'main' into kms-support
1571df7
jkjell
jkjell previously approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@jkjell jkjell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work!

signer/kms/aws/signer_test.go Show resolved Hide resolved
mikhailswift
mikhailswift previously approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@mikhailswift mikhailswift left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great work! we can handle my comment in a separate PR

@ChaosInTheCRD
removing them again haha
758242e 
Signed-off-by: chaosinthecrd <[email protected]>
@ChaosInTheCRD ChaosInTheCRD merged commit f7a1037 into in-toto:main Feb 15, 2024
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kriscoleman kriscoleman kriscoleman left review comments

@mikhailswift mikhailswift mikhailswift approved these changes

@jkjell jkjell jkjell left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ChaosInTheCRD @adityasaky @jkjell @colek42 @mikhailswift @kriscoleman