Add AWS KMS client connector #5624

Open: wants to merge 4 commits into base: development/7.70
Conversation

outscale-fba
Contributor

Add AWS KMS client connector

New code to use AWS KMS for bucket encryption, based on the KMIP implementation.

Add an optional "GenerateDataKey" function on the kms client API, only defined in the AWS KMS client. This new function is used in cloudserver, when detected, for the creation of a datakey. For other existing KMS implementations (KMIP, file, memory, ...) the behavior is unchanged.

The following modifications are made:

Arsenal:

  • new package dependency: @aws-sdk/client-kms
  • new dev dependency: aws-sdk-client-mock
  • new source file for implementing the AWS KMS backend connector
  • introduce a new optional "GenerateDataKey" function on the client
  • add unit tests on the new AWS KMS client.

Cloudserver:

  • Add a new configuration section for the AWS KMS backend connector,
  • New code to use the GenerateDataKey function when available.

Add configuration mechanism for the new AWS KMS connector.
Depends on changes in Arsenal to have support of this new connector.
available

Up to now, the datakey was always generated using a locally generated random number.
This commit allows using the "generateDataKey" operation of a KMS when it is implemented. It falls back to random number generation if not available.
The benefit of generating the datakey in the KMS is a better entropy source, resulting in a "better" datakey.