-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS::KMS::Key asymmetric signing key support #337
Comments
I think I would prefer this be a separate resource type, perhaps even going so far as to separate out SIGN_VERIFY and ENCRYPT_DECRYPT asymmetric keys into separate types, so that it will be easier for type-checking tools to determine if they are being used correctly (with the new resource provider framework, resource schemas could make it clear which usage type of asymmetric key they need), audit tools to understand the contents of a template more simply, etc. |
Any chances this will be implemented? 🚀 |
|
this is currently WIP; should be merged soon - aws-cloudformation/aws-cloudformation-resource-providers-kms#24 |
Any update on this? |
Hey! This change is merged and should be available for use now. For more information, see the AWS::KMS::Key documentation. |
AWS::KMS::Key asymmetric signing key support
2. Scope of request
The
AWS::KMS::Key
resource doesn't support creating an asymmetric signing key today, although it is possible to create such a key through the KMS API.This needs two things:
AWS::KMS::Key-CustomerMasterKeySpec
attributeSIGN_VERIFY
value inAWS::KMS::Key-KeyUsage
attribute (docs say this is supported, but it gives an error.)5. Helpful Links to speed up research and evaluation
AWS::KMS::Key resource doc
KMS CreateKey API doc
StackoverFlow Question
6. Category (required)
The text was updated successfully, but these errors were encountered: